CVE-2014-3133

2014-04-3014:00:00

mitre

www.cve.org

6.6 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.0%

JSON

SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection.

References

scn.sap.com/docs/DOC-8218

seclists.org/fulldisclosure/2014/Apr/301

www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008

www.securityfocus.com/bid/67104

service.sap.com/sap/support/notes/1922547