CVE-2013-6814: Input Validation
First published: Tue Nov 19 2013(Updated: )
The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver | <=7.02 | |
| SAP NetWeaver | =6.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-6814?
CVE-2013-6814 is considered a high severity vulnerability that allows remote attackers to conduct phishing attacks.
How do I fix CVE-2013-6814?
To mitigate CVE-2013-6814, upgrade SAP NetWeaver to a version later than 7.02 and apply all relevant security patches.
What are the potential impacts of CVE-2013-6814?
The potential impacts of CVE-2013-6814 include unauthorized redirection of users and exposure of sensitive information like cookies and SAPPASSPORT.
Which versions of SAP NetWeaver are affected by CVE-2013-6814?
CVE-2013-6814 affects SAP NetWeaver versions up to and including 7.02 and version 6.4.
Can CVE-2013-6814 be exploited remotely?
Yes, CVE-2013-6814 can be exploited remotely, allowing attackers to redirect users to arbitrary websites.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/event
- agent/tags
- agent/description
- agent/first-publish-date
- agent/source
- vendor/sap
- canonical/sap netweaver
- version/sap netweaver/7.02
- version/sap netweaver/6.4