CVE-2013-7363 - Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attac

CVE-2013-7363

Summary

Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or remove applications via vectors involving the P4 protocol.

References

Vulnerable Configurations

cpe:2.3:a:sap:solution_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:sap:solution_manager:-:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-04-2014 - 17:09)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bugtraq	20130222 [Onapsis Security Advisory 2013-006] SAP SMD Agent Code Injection
confirm	http://scn.sap.com/docs/DOC-8218
misc	http://www.onapsis.com/get.php?resid=adv_onapsis-2013-006 http://www.onapsis.com/research-advisories.php https://service.sap.com/sap/support/notes/1774568

Last major update

11-04-2014 - 17:09

Published

10-04-2014 - 20:55

Last modified

11-04-2014 - 17:09