Details of VAR-201404-0300

ID

VAR-201404-0300

CVE

CVE-2013-7362

TITLE

SAP CCMS Agent Code Injection Vulnerability

Trust: 0.9

sources: BID: 58181 // CNNVD: CNNVD-201302-593

DESCRIPTION

An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors

Trust: 1.89

sources: NVD: CVE-2013-7362 // JVNDB: JVNDB-2013-006308 // BID: 58181

AFFECTED PRODUCTS

vendor:	sap	model:	ccms agent	scope:	eq	version:	-	Trust: 1.6
vendor:	sap	model:	ccms agent	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2013-006308 // CNNVD: CNNVD-201404-130 // NVD: CVE-2013-7362

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-7362
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-7362
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201404-130
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2013-7362
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2013-006308 // CNNVD: CNNVD-201404-130 // NVD: CVE-2013-7362

PROBLEMTYPE DATA

problemtype:

CWE-94

Trust: 1.8

sources: JVNDB: JVNDB-2013-006308 // NVD: CVE-2013-7362

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201302-593 // CNNVD: CNNVD-201404-130

TYPE

code injection

Trust: 1.2

sources: CNNVD: CNNVD-201302-593 // CNNVD: CNNVD-201404-130

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006308

PATCH

title:

SAP Security Note, 1758450

url:

http://scn.sap.com/docs/DOC-8218

Trust: 0.8

sources: JVNDB: JVNDB-2013-006308

EXTERNAL IDS

db:	NVD	id:	CVE-2013-7362	Trust: 2.7
db:	BID	id:	58181	Trust: 0.9
db:	JVNDB	id:	JVNDB-2013-006308	Trust: 0.8
db:	CNNVD	id:	CNNVD-201302-593	Trust: 0.6
db:	BUGTRAQ	id:	20130222 [ONAPSIS SECURITY ADVISORY 2013-005] SAP CCMS AGENT CODE INJECTION	Trust: 0.6
db:	CNNVD	id:	CNNVD-201404-130	Trust: 0.6

sources: BID: 58181 // JVNDB: JVNDB-2013-006308 // CNNVD: CNNVD-201302-593 // CNNVD: CNNVD-201404-130 // NVD: CVE-2013-7362

REFERENCES

url:	http://www.onapsis.com/research-advisories.php	Trust: 2.4
url:	http://www.onapsis.com/get.php?resid=adv_onapsis-2013-005	Trust: 2.4
url:	http://archives.neohapsis.com/archives/bugtraq/2013-02/0135.html	Trust: 2.4
url:	https://service.sap.com/sap/support/notes/1758450	Trust: 1.6
url:	http://scn.sap.com/docs/doc-8218	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7362	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7362	Trust: 0.8
url:	http://www.securityfocus.com/bid/58181	Trust: 0.6

sources: JVNDB: JVNDB-2013-006308 // CNNVD: CNNVD-201302-593 // CNNVD: CNNVD-201404-130 // NVD: CVE-2013-7362

CREDITS

Juan Perez-Etchegoyen

Trust: 0.9

sources: BID: 58181 // CNNVD: CNNVD-201302-593

SOURCES

db:	BID	id:	58181
db:	JVNDB	id:	JVNDB-2013-006308
db:	CNNVD	id:	CNNVD-201302-593
db:	CNNVD	id:	CNNVD-201404-130
db:	NVD	id:	CVE-2013-7362

LAST UPDATE DATE

2025-04-13T23:31:40.387000+00:00

SOURCES UPDATE DATE

db:	BID	id:	58181	date:	2014-06-09T00:31:00
db:	JVNDB	id:	JVNDB-2013-006308	date:	2014-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201302-593	date:	2013-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201404-130	date:	2014-05-05T00:00:00
db:	NVD	id:	CVE-2013-7362	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	BID	id:	58181	date:	2013-02-26T00:00:00
db:	JVNDB	id:	JVNDB-2013-006308	date:	2014-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201302-593	date:	2013-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201404-130	date:	2014-04-14T00:00:00
db:	NVD	id:	CVE-2013-7362	date:	2014-04-10T20:55:06.087