PT-2014-1224 · Sap · Sap Cua+1
Published
2014-03-21
·
Updated
2014-05-20
·
CVE-2014-3787
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver versions 7.20 and earlier
Description
The issue allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables. This can be exploited by attackers to gain unauthorized access to sensitive data in the central SAP CUA system.
Recommendations
For SAP NetWeaver versions 7.20 and earlier, consider restricting access to the SAP CUA tables until a fix is available. As a temporary workaround, limit the privileges of remote users to minimize the risk of exploitation.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sap Cua
Sap Netweaver