Lucene search

[email protected]CVE-2014-3130

HistoryApr 30, 2014 - 2:22 p.m.

CVE-2014-3130

2014-04-3014:22:07

CWE-264

[email protected]

web.nvd.nist.gov

abap help

documentation

translation tools

basis

sap netweaver

abap application server

cve-2014-3130

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages.

Affected configurations

NVD

Node

sapnetweaver_abap_application_serverMatch-

CPENameOperatorVersion
sap:netweaver_abap_application_serversap netweaver abap application servereq-

CPE	Name	Operator	Version
sap:netweaver_abap_application_server	sap netweaver abap application server	eq	-

References

scn.sap.com/docs/DOC-8218

seclists.org/fulldisclosure/2014/Apr/302

www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-009

www.securityfocus.com/bid/67108

service.sap.com/sap/support/notes/1910914

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2014-3130

prion1 cvelist1 nvd1