CVE-2013-3061
Severity Score
6.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.
La función ishmed-PATRED_TRANSACT_RFCCALL en el componente Industry-Specific Component Hospital IS-H en la solución SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), permite a los usuarios remotos autenticados evitar las restricciones de operación que se pretende a través de vectores no especificados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-04-15 CVE Reserved
- 2013-04-16 CVE Published
- 2023-09-27 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (3)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Erp Central Component Search vendor "Sap" for product "Erp Central Component" | - | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Healthcare Industry Solution Search vendor "Sap" for product "Healthcare Industry Solution" | - | - |
Affected
| ||||||