Lucene search

[email protected]CVE-2014-3133

HistoryApr 30, 2014 - 2:22 p.m.

CVE-2014-3133

2014-04-3014:22:07

CWE-264

[email protected]

web.nvd.nist.gov

sap

netweaver

java

application server

remote attackers

webdynpro

cve-2014-3133

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.1%

JSON

SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection.

Affected configurations

NVD

Node

sapnetweaver_java_application_serverMatch-

CPENameOperatorVersion
sap:netweaver_java_application_serversap netweaver java application servereq-

CPE	Name	Operator	Version
sap:netweaver_java_application_server	sap netweaver java application server	eq	-

References

scn.sap.com/docs/DOC-8218

seclists.org/fulldisclosure/2014/Apr/301

www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008

www.securityfocus.com/bid/67104

service.sap.com/sap/support/notes/1922547

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.1%

JSON

Related for CVE-2014-3133

prion1 cvelist1 nvd1