CVE-2013-6814

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
20/11/2013
Last modified:
11/04/2025

Description

The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:sap:netweaver:*:*:*:*:*:*:*:* 7.02 (including)
cpe:2.3:a:sap:netweaver:6.4:*:*:*:*:*:*:*