Sign-up

ID

VAR-201402-0436


TITLE

SAP Solution Manager Security Bypass Vulnerability

Trust: 0.8

sources: IVD: 4f42f716-1eeb-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01008

DESCRIPTION

SAP Solution Manager is a system management platform that integrates system monitoring, SAP support desktop, self-service, and ASAP implementation. The SAP Solution Manager application failed to properly verify validation, allowing remote attackers to exploit vulnerabilities to bypass sensitive restrictions and obtain sensitive information

Trust: 0.72

sources: CNVD: CNVD-2014-01008 // IVD: 4f42f716-1eeb-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 4f42f716-1eeb-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01008

AFFECTED PRODUCTS

vendor:sapmodel:solution managerscope:eqversion:7.x

Trust: 0.8

sources: IVD: 4f42f716-1eeb-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01008

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2014-01008
value: MEDIUM

Trust: 0.6

IVD: 4f42f716-1eeb-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2014-01008
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 4f42f716-1eeb-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 4f42f716-1eeb-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01008

TYPE

Access verification error

Trust: 0.2

sources: IVD: 4f42f716-1eeb-11e6-abef-000c29c66e3d

PATCH

title:SAP Solution Manager security bypass vulnerability patchurl:https://www.cnvd.org.cn/patchinfo/show/43677

Trust: 0.6

sources: CNVD: CNVD-2014-01008

EXTERNAL IDS

db:CNVDid:CNVD-2014-01008

Trust: 0.8

db:IVDid:4F42F716-1EEB-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 4f42f716-1eeb-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01008

REFERENCES

url:http://erpscan.com/advisories/erpscan-14-004-sap-netweaver-solution-manager-missing-authorization-check-information-disclosure/

Trust: 0.6

sources: CNVD: CNVD-2014-01008

SOURCES

db:IVDid:4f42f716-1eeb-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2014-01008

LAST UPDATE DATE

2022-05-17T02:00:02.726000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2014-01008date:2014-02-18T00:00:00

SOURCES RELEASE DATE

db:IVDid:4f42f716-1eeb-11e6-abef-000c29c66e3ddate:2014-02-18T00:00:00
db:CNVDid:CNVD-2014-01008date:2014-02-18T00:00:00