Netweaver Development Infrastructure
CVE-2013-6820
CRITICAL
Severity by source
AV:N/AC:M/Au:N/C:C/I:C/A:C
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:N/C:C/I:C/A:C
Lifecycle Timeline
1DescriptionCVE.org
Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors.
AnalysisAI
Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors. Affected products include: Sap Netweaver Development Infrastructure.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Compo
Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30,
NWDI Notification Service versions - 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today