Lucene search

[email protected]CVE-2014-3130

HistoryApr 30, 2014 - 2:22 p.m.

CVE-2014-3130

2014-04-3014:22:00

CWE-264

[email protected]

web.nvd.nist.gov

abap help

documentation

translation tools

basis

sap netweaver

abap application server

cve-2014-3130

nvd

7.6 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages.

CPENameOperatorVersion
sap:netweaver_abap_application_serversap netweaver abap application servereq-

CPE	Name	Operator	Version
sap:netweaver_abap_application_server	sap netweaver abap application server	eq	-

References

scn.sap.com/docs/DOC-8218

seclists.org/fulldisclosure/2014/Apr/302

www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-009

www.securityfocus.com/bid/67108

service.sap.com/sap/support/notes/1910914

7.6 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2014-3130

cvelist1 prion1