Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-3133

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-3133
Last Modified 10 May 2014 12:06:32
Published 30 Apr 2014 10:22:07
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-3133

Summary

SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection.

Vulnerable Systems

Application

  • Sap Netweaver Java Application Server -


References

CONFIRM - https://service.sap.com/sap/support/notes/1922547

MISC - http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008

FULLDISC - 20140428 [Onapsis Security Advisory 2014-008] SAP NW Portal WD Information Disclosure

CONFIRM - http://scn.sap.com/docs/DOC-8218

BID - 67104


Last Updated: 27 May 2016 11:05:09