CVE-2014-3133

Published: Apr 30, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection.

Affected (1)

Products: Sap: Netweaver Java Application Server

Sap

1 product

Netweaver Java Application Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver Java Application Server	All versions

Related CWEs

CWE-264

References (10)

http://scn.sap.com/docs/DOC-8218

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2014/Apr/301

Source: cve@mitre.org

http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008

Source: cve@mitre.org

http://www.securityfocus.com/bid/67104

Source: cve@mitre.org

https://service.sap.com/sap/support/notes/1922547

Source: cve@mitre.org

http://scn.sap.com/docs/DOC-8218