CVE-2013-7095 - Vulnerability Details - OpenCVE

ReportizFlow

The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sap	Customer Relationship Management

Configuration 1 [-]

cpe:2.3:a:sap:customer_relationship_management:7.02:ehp2:*:*:*:*:*:*

No data.

References

Link	Providers
http://scn.sap.com/docs/DOC-8218
http://secunia.com/advisories/56064
http://www.securityfocus.com/bid/64265
http://www.securitytracker.com/id/1029488
https://erpscan.io/advisories/erpscan-13-025-sap-crm-crm_flex_data-xxe/
https://exchange.xforce.ibmcloud.com/vulnerabilities/89703
https://service.sap.com/sap/support/notes/1909665

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-12-13T19:00:00

Updated: 2024-08-06T17:53:46.137Z

Reserved: 2013-12-13T00:00:00

Link: CVE-2013-7095

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-12-13T20:08:40.907

Modified: 2024-11-21T02:00:20.333

Link: CVE-2013-7095

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-29T00:00:00", "descriptions": [{"lang": "en", "value": "The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-10T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "sap-crm-xml-info-disc(89703)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89703"}, {"name": "1029488", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1029488"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://scn.sap.com/docs/DOC-8218"}, {"name": "56064", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/56064"}, {"name": "64265", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/64265"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://service.sap.com/sap/support/notes/1909665"}, {"tags": ["x_refsource_MISC"], "url": "https://erpscan.io/advisories/erpscan-13-025-sap-crm-crm_flex_data-xxe/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2013-7095", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "sap-crm-xml-info-disc(89703)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89703"}, {"name": "1029488", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029488"}, {"name": "http://scn.sap.com/docs/DOC-8218", "refsource": "CONFIRM", "url": "http://scn.sap.com/docs/DOC-8218"}, {"name": "56064", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56064"}, {"name": "64265", "refsource": "BID", "url": "http://www.securityfocus.com/bid/64265"}, {"name": "https://service.sap.com/sap/support/notes/1909665", "refsource": "CONFIRM", "url": "https://service.sap.com/sap/support/notes/1909665"}, {"name": "https://erpscan.io/advisories/erpscan-13-025-sap-crm-crm_flex_data-xxe/", "refsource": "MISC", "url": "https://erpscan.io/advisories/erpscan-13-025-sap-crm-crm_flex_data-xxe/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:53:46.137Z"}, "title": "CVE Program Container", "references": [{"name": "sap-crm-xml-info-disc(89703)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89703"}, {"name": "1029488", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1029488"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://scn.sap.com/docs/DOC-8218"}, {"name": "56064", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/56064"}, {"name": "64265", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/64265"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://service.sap.com/sap/support/notes/1909665"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://erpscan.io/advisories/erpscan-13-025-sap-crm-crm_flex_data-xxe/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7095", "datePublished": "2013-12-13T19:00:00", "dateReserved": "2013-12-13T00:00:00", "dateUpdated": "2024-08-06T17:53:46.137Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:customer_relationship_management:7.02:ehp2:*:*:*:*:*:*", "matchCriteriaId": "E077761A-94DE-42EE-A781-1F351249A4D8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue."}, {"lang": "es", "value": "El analizador XML (crm_flex_data) en SAP Customer Relationship Management (CRM) 7.02 EHP tiene impacto desconocido y vectores de ataque relacionados problemas con la entidades externas XML (XXE)."}], "id": "CVE-2013-7095", "lastModified": "2024-11-21T02:00:20.333", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-12-13T20:08:40.907", "references": [{"source": "[email protected]", "url": "http://scn.sap.com/docs/DOC-8218"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/56064"}, {"source": "[email protected]", "url": "http://www.securityfocus.com/bid/64265"}, {"source": "[email protected]", "url": "http://www.securitytracker.com/id/1029488"}, {"source": "[email protected]", "url": "https://erpscan.io/advisories/erpscan-13-025-sap-crm-crm_flex_data-xxe/"}, {"source": "[email protected]", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89703"}, {"source": "[email protected]", "url": "https://service.sap.com/sap/support/notes/1909665"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://scn.sap.com/docs/DOC-8218"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/56064"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/64265"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1029488"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://erpscan.io/advisories/erpscan-13-025-sap-crm-crm_flex_data-xxe/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89703"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://service.sap.com/sap/support/notes/1909665"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "[email protected]", "type": "Primary"}]}