VAR-201309-0329
Vulnerability from variot - Updated: 2025-04-11 23:14

SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE". Some of the input passed to the "ABAD0_DELETE_DERIVATION_TABLE" function is not properly filtered before it is used in an SQL query, so a remote attacker can manipulate the query by injecting arbitrary SQL code. SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. The vulnerability stems from insufficient filtering of user-submitted data before the program constructs SQL query statements. Attackers can use this vulnerability to manipulate SQL query logic and perform unauthorized operations in the underlying database. SAP NetWeaver 7.30 is vulnerable; other versions may also be affected. The patch and reference entries in the record below point to SAP Security Note 1840249.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201309-0329",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netweaver",
"scope": "eq",
"trust": 3.5,
"vendor": "sap",
"version": "7.30"
}
],
"sources": [
{
"db": "IVD",
"id": "01277918-1f0d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12896"
},
{
"db": "BID",
"id": "62147"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004089"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-171"
},
{
"db": "NVD",
"id": "CVE-2013-5723"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:sap:netweaver",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004089"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nikolay Mescherin of ERPScan",
"sources": [
{
"db": "BID",
"id": "62147"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-065"
}
],
"trust": 0.9
},
"cve": "CVE-2013-5723",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2013-5723",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-12896",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "01277918-1f0d-11e6-abef-000c29c66e3d",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-5723",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-5723",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2013-12896",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201309-171",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "01277918-1f0d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2013-5723",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "01277918-1f0d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12896"
},
{
"db": "VULMON",
"id": "CVE-2013-5723"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004089"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-171"
},
{
"db": "NVD",
"id": "CVE-2013-5723"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to \"ABAD0_DELETE_DERIVATION_TABLE.\". Because some of the input passed to the \\\"ABAD0_DELETE_DERIVATION_TABLE\\\" function fails to filter properly before using the SQL query, the remote attacker manipulates the SQL query by injecting arbitrary SQL code. SAP NetWeaver is a set of service-oriented integrated application platform of German SAP company. The platform provides a development and runtime environment for SAP applications. The vulnerability stems from insufficient filtering of user-submitted data before the program constructs SQL query statements. Attackers can use this vulnerability to manipulate SQL query logic to perform unauthorized operations in the underlying database. There are vulnerabilities in SAP NetWeaver 7.30, other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5723"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004089"
},
{
"db": "CNVD",
"id": "CNVD-2013-12896"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-065"
},
{
"db": "BID",
"id": "62147"
},
{
"db": "IVD",
"id": "01277918-1f0d-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2013-5723"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "62147",
"trust": 2.6
},
{
"db": "NVD",
"id": "CVE-2013-5723",
"trust": 2.5
},
{
"db": "OSVDB",
"id": "96900",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "54702",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1029018",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2013-12896",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004089",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201309-065",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201309-171",
"trust": 0.6
},
{
"db": "IVD",
"id": "01277918-1F0D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2013-5723",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "01277918-1f0d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12896"
},
{
"db": "VULMON",
"id": "CVE-2013-5723"
},
{
"db": "BID",
"id": "62147"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004089"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-065"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-171"
},
{
"db": "NVD",
"id": "CVE-2013-5723"
}
]
},
"id": "VAR-201309-0329",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "01277918-1f0d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12896"
}
],
"trust": 1.07111164
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "01277918-1f0d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12896"
}
]
},
"last_update_date": "2025-04-11T23:14:41.976000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Acknowledgments to Security Researchers (SAP Security Note 1840249)",
"trust": 0.8,
"url": "http://scn.sap.com/docs/DOC-8218"
},
{
"title": "SAP NetWeaver \u0027ABAD0_DELETE_DERIVATION_TABLE\u0027 function SQL injection vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/39364"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-12896"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004089"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004089"
},
{
"db": "NVD",
"id": "CVE-2013-5723"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://secunia.com/advisories/54702"
},
{
"trust": 1.7,
"url": "http://osvdb.org/96900"
},
{
"trust": 1.7,
"url": "http://scn.sap.com/docs/doc-8218"
},
{
"trust": 1.7,
"url": "https://service.sap.com/sap/support/notes/1840249"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/62147"
},
{
"trust": 1.4,
"url": "http://erpscan.com/advisories/dsecrg-13-016-sap-netweaver-abad0_delete_derivation_table/"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1029018"
},
{
"trust": 1.1,
"url": "https://erpscan.io/advisories/dsecrg-13-016-sap-netweaver-abad0_delete_derivation_table/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5723"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5723"
},
{
"trust": 0.6,
"url": "http://www.securelist.com/en/advisories/54702"
},
{
"trust": 0.3,
"url": "http://www.sap.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/89.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=30800"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-12896"
},
{
"db": "VULMON",
"id": "CVE-2013-5723"
},
{
"db": "BID",
"id": "62147"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004089"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-065"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-171"
},
{
"db": "NVD",
"id": "CVE-2013-5723"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "01277918-1f0d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12896"
},
{
"db": "VULMON",
"id": "CVE-2013-5723"
},
{
"db": "BID",
"id": "62147"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004089"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-065"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-171"
},
{
"db": "NVD",
"id": "CVE-2013-5723"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-09T00:00:00",
"db": "IVD",
"id": "01277918-1f0d-11e6-abef-000c29c66e3d"
},
{
"date": "2013-09-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-12896"
},
{
"date": "2013-09-12T00:00:00",
"db": "VULMON",
"id": "CVE-2013-5723"
},
{
"date": "2013-08-20T00:00:00",
"db": "BID",
"id": "62147"
},
{
"date": "2013-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004089"
},
{
"date": "2013-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-065"
},
{
"date": "2013-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-171"
},
{
"date": "2013-09-12T13:31:15.587000",
"db": "NVD",
"id": "CVE-2013-5723"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-12896"
},
{
"date": "2018-12-10T00:00:00",
"db": "VULMON",
"id": "CVE-2013-5723"
},
{
"date": "2013-08-20T00:00:00",
"db": "BID",
"id": "62147"
},
{
"date": "2013-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004089"
},
{
"date": "2013-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-065"
},
{
"date": "2013-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-171"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-5723"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-065"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-171"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP NetWeaver \u2018 ABAD0_DELETE_DERIVATION_TABLE \u0027function SQL Injection vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-065"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-171"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "01277918-1f0d-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-065"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-171"
}
],
"trust": 1.4
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.