{"api_version":"1","generated_at":"2026-06-15T02:27:42+00:00","cve":"CVE-2014-3133","urls":{"html":"https://cve.report/CVE-2014-3133","api":"https://cve.report/api/cve/CVE-2014-3133.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-3133","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-3133"},"summary":{"title":"CVE-2014-3133","description":"SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection.","state":"PUBLISHED","assigner":"mitre","published_at":"2014-04-30 14:22:07","updated_at":"2026-05-06 22:30:45"},"problem_types":["CWE-264","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"https://service.sap.com/sap/support/notes/1922547","name":"https://service.sap.com/sap/support/notes/1922547","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.securityfocus.com/bid/67104","name":"http://www.securityfocus.com/bid/67104","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SAP NetWeaver Portal WD Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://seclists.org/fulldisclosure/2014/Apr/301","name":"http://seclists.org/fulldisclosure/2014/Apr/301","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Full Disclosure: [Onapsis Security Advisory 2014-008] SAP NW Portal WD Information Disclosure","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://scn.sap.com/docs/DOC-8218","name":"http://scn.sap.com/docs/DOC-8218","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Acknowledgments to Security Researchers | SCN","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008","name":"http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Page Not Found | Onapsis","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-3133","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3133","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"3133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"netweaver_java_application_server","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T10:35:56.181Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"20140428 [Onapsis Security Advisory 2014-008] SAP NW Portal WD Information Disclosure","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://seclists.org/fulldisclosure/2014/Apr/301"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008"},{"name":"67104","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/67104"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://scn.sap.com/docs/DOC-8218"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://service.sap.com/sap/support/notes/1922547"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2014-04-28T00:00:00.000Z","descriptions":[{"lang":"en","value":"SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2014-05-05T16:57:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"20140428 [Onapsis Security Advisory 2014-008] SAP NW Portal WD Information Disclosure","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://seclists.org/fulldisclosure/2014/Apr/301"},{"tags":["x_refsource_MISC"],"url":"http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008"},{"name":"67104","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/67104"},{"tags":["x_refsource_CONFIRM"],"url":"http://scn.sap.com/docs/DOC-8218"},{"tags":["x_refsource_CONFIRM"],"url":"https://service.sap.com/sap/support/notes/1922547"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2014-3133","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20140428 [Onapsis Security Advisory 2014-008] SAP NW Portal WD Information Disclosure","refsource":"FULLDISC","url":"http://seclists.org/fulldisclosure/2014/Apr/301"},{"name":"http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008","refsource":"MISC","url":"http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008"},{"name":"67104","refsource":"BID","url":"http://www.securityfocus.com/bid/67104"},{"name":"http://scn.sap.com/docs/DOC-8218","refsource":"CONFIRM","url":"http://scn.sap.com/docs/DOC-8218"},{"name":"https://service.sap.com/sap/support/notes/1922547","refsource":"CONFIRM","url":"https://service.sap.com/sap/support/notes/1922547"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2014-3133","datePublished":"2014-04-30T14:00:00.000Z","dateReserved":"2014-04-30T00:00:00.000Z","dateUpdated":"2024-08-06T10:35:56.181Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2014-04-30 14:22:07","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["CWE-264","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_java_application_server:-:*:*:*:*:*:*:*","matchCriteriaId":"4BC67018-106D-4103-83FB-FEC80496F14D"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"3133","Ordinal":"1","Title":"CVE-2014-3133","CVE":"CVE-2014-3133","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"3133","Ordinal":"1","NoteData":"SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection.","Type":"Description","Title":"CVE-2014-3133"},{"CveYear":"2014","CveId":"3133","Ordinal":"2","NoteData":"2014-04-30","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"3133","Ordinal":"3","NoteData":"2014-05-05","Type":"Other","Title":"Modified"}]}}}