ID

VAR-201402-0237


CVE

CVE-2014-1961


TITLE

Vulnerability in Portal WebDynPro of SAP NetWeaver that allows important path information to be obtained

Trust: 0.8

sources: JVNDB: JVNDB-2014-001411

DESCRIPTION

Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. There are several vulnerabilities in SAP NetWeaver: 1. 2. The message server has an unspecified error, allowing an attacker to exploit the vulnerability to crash the server. 3. 4. SAP NetWeaver is prone to multiple security vulnerabilities, including: 1. An information-disclosure vulnerability 2. Multiple cross-site scripting vulnerabilities 3. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Trust: 2.61

sources: NVD: CVE-2014-1961 // JVNDB: JVNDB-2014-001411 // CNVD: CNVD-2014-01007 // BID: 65547 // IVD: 5150a9f4-1eeb-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 5150a9f4-1eeb-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01007

AFFECTED PRODUCTS

vendor: sap, model: netweaver, scope: eq, version: -

Trust: 1.6

vendor: sap, model: netweaver, scope: -, version: -

Trust: 0.8

vendor: sap, model: netweaver, scope: eq, version: 7.x

Trust: 0.6

vendor: sap, model: netweaver, scope: eq, version: 0

Trust: 0.3

vendor: netweaver, model: -, scope: eq, version: -

Trust: 0.2

sources: IVD: 5150a9f4-1eeb-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01007 // BID: 65547 // JVNDB: JVNDB-2014-001411 // CNNVD: CNNVD-201402-204 // NVD: CVE-2014-1961

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-1961
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-1961
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-01007
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201402-204
value: MEDIUM

Trust: 0.6

IVD: 5150a9f4-1eeb-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2014-1961
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-01007
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 5150a9f4-1eeb-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 5150a9f4-1eeb-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01007 // JVNDB: JVNDB-2014-001411 // CNNVD: CNNVD-201402-204 // NVD: CVE-2014-1961

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2014-1961

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-204

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 65547

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001411

PATCH

title: SAP Security Note 1852146, url: http://scn.sap.com/docs/DOC-8218

Trust: 0.8

title: SAP NetWeaver has multiple vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/43676

Trust: 0.6

sources: CNVD: CNVD-2014-01007 // JVNDB: JVNDB-2014-001411

EXTERNAL IDS

db: NVD, id: CVE-2014-1961

Trust: 3.2

db: SECUNIA, id: 56947

Trust: 1.6

db: BID, id: 65547

Trust: 0.9

db: CNVD, id: CNVD-2014-01007

Trust: 0.8

db: CNNVD, id: CNNVD-201402-204

Trust: 0.8

db: JVNDB, id: JVNDB-2014-001411

Trust: 0.8

db: IVD, id: 5150A9F4-1EEB-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 5150a9f4-1eeb-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01007 // BID: 65547 // JVNDB: JVNDB-2014-001411 // CNNVD: CNNVD-201402-204 // NVD: CVE-2014-1961

REFERENCES

url:http://erpscan.com/advisories/erpscan-14-002-sap-portal-webdynpro-path-disclosure/

Trust: 2.0

url:https://service.sap.com/sap/support/notes/1852146

Trust: 1.6

url:http://secunia.com/advisories/56947

Trust: 1.6

url:http://scn.sap.com/docs/doc-8218

Trust: 1.6

url:https://erpscan.io/advisories/erpscan-14-002-sap-portal-webdynpro-path-disclosure/

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/91096

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1961

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1961

Trust: 0.8

url:http://erpscan.com/advisories/erpscan-14-001-sap-netweaver-message-server-dos/

Trust: 0.6

url:http://erpscan.com/advisories/erpscan-14-005-sap-netweaver-dir-error-xss/

Trust: 0.6

url:http://erpscan.com/advisories/erpscan-14-006-sap-netweaver-pip-xss/

Trust: 0.6

url:http://www.sap.com

Trust: 0.3

sources: CNVD: CNVD-2014-01007 // BID: 65547 // JVNDB: JVNDB-2014-001411 // CNNVD: CNNVD-201402-204 // NVD: CVE-2014-1961

CREDITS

Alexander Polyakov, George Nosenko and Dmitry Chastukhin

Trust: 0.3

sources: BID: 65547

SOURCES

db: IVD, id: 5150a9f4-1eeb-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2014-01007
db: BID, id: 65547
db: JVNDB, id: JVNDB-2014-001411
db: CNNVD, id: CNNVD-201402-204
db: NVD, id: CVE-2014-1961

LAST UPDATE DATE

2024-11-23T22:23:07.848000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-01007, date: 2014-02-18T00:00:00
db: BID, id: 65547, date: 2014-02-01T00:00:00
db: JVNDB, id: JVNDB-2014-001411, date: 2014-02-19T00:00:00
db: CNNVD, id: CNNVD-201402-204, date: 2014-02-18T00:00:00
db: NVD, id: CVE-2014-1961, date: 2024-11-21T02:05:21.497

SOURCES RELEASE DATE

db: IVD, id: 5150a9f4-1eeb-11e6-abef-000c29c66e3d, date: 2014-02-18T00:00:00
db: CNVD, id: CNVD-2014-01007, date: 2014-02-18T00:00:00
db: BID, id: 65547, date: 2014-02-01T00:00:00
db: JVNDB, id: JVNDB-2014-001411, date: 2014-02-19T00:00:00
db: CNNVD, id: CNNVD-201402-204, date: 2014-02-18T00:00:00
db: NVD, id: CVE-2014-1961, date: 2014-02-14T15:55:07.470