Vulnerabilities > CVE-2013-3678 - Security vulnerability in SAP GRC
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://packetstormsecurity.com/files/129083/SAP-GRC-Bypass-Privilege-Escalation-Program-Execution.html
- http://seclists.org/fulldisclosure/2014/Nov/25
- http://www.esnc.de/security-advisories/security-vulnerability-in-sap-grc-access-control
- http://www.securityfocus.com/archive/1/533965/100/0/threaded
- http://www.securityfocus.com/bid/71055
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98637
- https://service.sap.com/sap/support/notes/2039348