Lucene search

[email protected]CVE-2014-4159

HistoryJun 13, 2014 - 2:55 p.m.

CVE-2014-4159

2014-06-1314:55:17

[email protected]

web.nvd.nist.gov

sap

srm

open redirect

vulnerability

phishing

nvd

cve-2014-4159

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.9 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

75.1%

JSON

Open redirect vulnerability in in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.

Affected configurations

NVD

Node

sapsupplier_relationship_managementMatch-

CPENameOperatorVersion
sap:supplier_relationship_managementsap supplier relationship managementeq-

CPE	Name	Operator	Version
sap:supplier_relationship_management	sap supplier relationship management	eq	-

References

blog.emaze.net/2014/05/sap-multiple-vulnerabilities.html

scn.sap.com/docs/DOC-8218

www.securityfocus.com/bid/67997

service.sap.com/sap/support/notes/1946420

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.9 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

75.1%

JSON

Related for CVE-2014-4159

cvelist1 prion1 nvd1