CVE-2013-3319

SAP Netweaver 7.03 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-3319. PoCs published by devoteam-cybertrust, including Metasploit module auxiliary/scanner/sap/sap_hostctrl_getcomputersystem.

AI-analyzed exploit summary This is a Metasploit auxiliary module that exploits CVE-2013-3319 to retrieve system information from SAP Host Agent via the SOAP interface. It sends a crafted SOAP request to the SAP HostControl service to extract computer, OS, process, filesystem, and network port details.

Description

The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128.

Exploits (2)

nomisec WORKING POC
by devoteam-cybertrust · poc
https://github.com/devoteam-cybertrust/cve-2013-3319

This is a Metasploit auxiliary module that exploits CVE-2013-3319 to retrieve system information from SAP Host Agent via the SOAP interface. It sends a crafted SOAP request to the SAP HostControl service to extract computer, OS, process, filesystem, and network port details.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: SAP Host Agent (SAP HostControl service)
No auth needed
Prerequisites: Network access to the SAP Host Agent service (port 1128 by default)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/sap/sap_hostctrl_getcomputersystem.rb

This Metasploit module exploits an information disclosure vulnerability in SAP Host Agent (CVE-2013-3319) by sending a SOAP request to retrieve system information such as computer details, OS metrics, processes, and filesystem data.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: SAP Host Agent (SAP HostControl service)
No auth needed
Prerequisites: Network access to SAP Host Agent (port 1128)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Various Sources x_refsource_confirm
https://service.sap.com/sap/support/notes/1816536
Various Sources x_refsource_confirm
http://scn.sap.com/docs/DOC-8218
Various Sources x_refsource_misc
http://labs.integrity.pt/advisories/cve-2013-3319/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/85905
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/54277

Scores

EPSS 0.2071
EPSS Percentile 97.2%

Details

CWE
CWE-200
Status published
Products (1)
sap/netweaver 7.03
Published Aug 16, 2013
Tracked Since Feb 18, 2026