Lucene search

PRIOn knowledge basePRION:CVE-2013-3061

HistoryMay 01, 2013 - 12:00 p.m.

Design/Logic Flaw

2013-05-0112:00:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

61.7%

JSON

The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.

References

archives.neohapsis.com/archives/bugtraq/2013-04/0176.html

scn.sap.com/docs/DOC-8218

www.esnc.de/sap-security-audit-and-scan-services/security-advisories/36-privilege-escalation-in-sap-is-healthcare

service.sap.com/sap/support/notes/1691744

6.6 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

61.7%

JSON

Related for PRION:CVE-2013-3061