CVE-2013-6814

high

Description

The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors.

References

https://service.sap.com/sap/support/notes/1854826

https://erpscan.io/advisories/erpscan-13-021-sap-portal-unvalidated-redirect/

http://secunia.com/advisories/55778

http://scn.sap.com/docs/DOC-8218

Details

Source: Mitre, NVD

Published: 2013-11-20

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00307