Lucene search

[email protected]CVE-2014-3133

HistoryApr 30, 2014 - 2:22 p.m.

CVE-2014-3133

2014-04-3014:22:00

CWE-264

[email protected]

web.nvd.nist.gov

sap

netweaver

java

application server

remote attackers

webdynpro

cve-2014-3133

7.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

71.9%

JSON

SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection.

CPENameOperatorVersion
sap:netweaver_java_application_serversap netweaver java application servereq-

CPE	Name	Operator	Version
sap:netweaver_java_application_server	sap netweaver java application server	eq	-

References

scn.sap.com/docs/DOC-8218

seclists.org/fulldisclosure/2014/Apr/301

www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008

www.securityfocus.com/bid/67104

service.sap.com/sap/support/notes/1922547

7.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

71.9%

JSON

Related for CVE-2014-3133

prion1 cvelist1