PT-2014-5108 · Sap · Sap Netweaver Application Server Java

Published

2014-04-30

Updated

2014-05-10

CVE-2014-3133

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions SAP Netweaver Java Application Server (affected versions not specified)

Description The issue is related to improper access restriction in the SAP Netweaver Java Application Server, allowing remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, specifically related to SystemSelection.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2014-3133

Affected Products

Sap Netweaver Application Server Java

PT-2014-5108 · Sap · Sap Netweaver Application Server Java

CVE-2014-3133

Weakness Enumeration

Related Identifiers

Affected Products

References · 6