Lucene search

[email protected]CVE-2014-5175

HistoryJul 31, 2014 - 2:55 p.m.

CVE-2014-5175

2014-07-3114:55:04

CWE-287

[email protected]

web.nvd.nist.gov

sap solution manager

license measurement

servlet

authentication bypass

cve-2014-5175

nvd

sap_jtechs

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.8%

JSON

The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS.

Affected configurations

NVD

Node

sapsolution_managerMatch7.1

CPENameOperatorVersion
sap:solution_managersap solution managereq7.1

CPE	Name	Operator	Version
sap:solution_manager	sap solution manager	eq	7.1

References

scn.sap.com/docs/DOC-8218

seclists.org/fulldisclosure/2014/Jul/151

secunia.com/advisories/59548

www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-023

www.securityfocus.com/bid/68949

exchange.xforce.ibmcloud.com/vulnerabilities/94932

service.sap.com/sap/support/notes/1778940

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.8%

JSON

Related for CVE-2014-5175

prion1 nvd1 cvelist1