CVE-2014-3133
Summary
| CVE | CVE-2014-3133 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-04-30 14:22:07 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
NoneAvailability
NoneAV:N/AC:L/Au:N/C:P/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sap | Netweaver Java Application Server | - | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| service.sap.com/sap/support/notes/1922547 | af854a3a-2127-422b-91ae-364da2661108 | service.sap.com | |
| SAP NetWeaver Portal WD Information Disclosure Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Full Disclosure: [Onapsis Security Advisory 2014-008] SAP NW Portal WD Information Disclosure | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | |
| Acknowledgments to Security Researchers | SCN | af854a3a-2127-422b-91ae-364da2661108 | scn.sap.com | |
| Page Not Found | Onapsis | af854a3a-2127-422b-91ae-364da2661108 | www.onapsis.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.