CVE-2013-3678
SAP Governance, Risk, and Compliance - Privilege Escalation & Arbitrary Program Execution via RFC/SOAP-RFC
Title source: llmDescription
Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request.
References (7)
Core 7
Core References
Various Sources x_refsource_misc
https://service.sap.com/sap/support/notes/2039348
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/98637
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/71055
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/533965/100/0/threaded
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/129083/SAP-GRC-Bypass-Privilege-Escalation-Program-Execution.html
Various Sources x_refsource_misc
http://www.esnc.de/security-advisories/security-vulnerability-in-sap-grc-access-control
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Nov/25
Scores
EPSS
0.0204
EPSS Percentile
84.1%
Details
Status
published
Products (1)
sap/governance_risk_and_compliance
Published
Nov 19, 2014
Tracked Since
Feb 18, 2026