CVE-2014-3133

Sažetak

SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection.

Reference

http://scn.sap.com/docs/DOC-8218
http://seclists.org/fulldisclosure/2014/Apr/301
http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008
http://www.securityfocus.com/bid/67104
https://service.sap.com/sap/support/notes/1922547

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

10-05-2014 - 04:06

Objavljeno

30-04-2014 - 14:22