Computer Security
[EN] securityvulns.ru no-pyccku


SAP applications multiple security vulnerabilities
Published:22.04.2013
Source:
SecurityVulns ID:13030
Type:remote
Threat Level:
6/10
Description:Privilege escalation, code execution.
CVE:CVE-2013-3063 (SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors.)
 CVE-2013-3062 (The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.)
 CVE-2013-3061 (The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.)
Original documentdocumentESNC Security, [ESNC-2013-003] Remote OS Command Execution in SAP BASIS Communication Services (22.04.2013)
 documentESNC Security, [ESNC-2013-002] Privilege Escalation in SAP Production Planning and Control (22.04.2013)
 documentESNC Security, [ESNC-2013-001] Privilege Escalation in SAP Healthcare Industry Solution (22.04.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod