PRIOn knowledge basePRION:CVE-2013-3678Cross site request forgery (csrf)
7.8 High
AI Score
Confidence
Low
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.005 Low
EPSS
Percentile
76.5%
Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request.
References
packetstormsecurity.com/files/129083/SAP-GRC-Bypass-Privilege-Escalation-Program-Execution.html
seclists.org/fulldisclosure/2014/Nov/25
www.esnc.de/security-advisories/security-vulnerability-in-sap-grc-access-control
www.securityfocus.com/archive/1/533965/100/0/threaded
www.securityfocus.com/bid/71055
exchange.xforce.ibmcloud.com/vulnerabilities/98637
service.sap.com/sap/support/notes/2039348
Related
7.8 High
AI Score
Confidence
Low
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.005 Low
EPSS
Percentile
76.5%