ID

VAR-201404-0529


CVE

CVE-2014-3129


TITLE

SAP Solution Manager Remote Information Disclosure Vulnerability

Trust: 1.1

sources: IVD: 7036ead8-1eda-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02753 // BID: 67147

DESCRIPTION

The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allow remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1. SAP Solution Manager is a system management platform that integrates system monitoring, SAP support desktop, self-service, and ASAP implementation. Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks.

Trust: 2.61

sources: NVD: CVE-2014-3129 // JVNDB: JVNDB-2014-002334 // CNVD: CNVD-2014-02753 // BID: 67147 // IVD: 7036ead8-1eda-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 7036ead8-1eda-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02753

AFFECTED PRODUCTS

vendor: sap, model: netweaver software lifecycle manager, scope: eq, version: 7.1

Trust: 1.6

vendor: sap, model: software lifecycle manager, scope: eq, version: 7.1

Trust: 0.8

vendor: sap, model: solution manager, scope: eq, version: 7.1

Trust: 0.6

vendor: netweaver lifecycle manager, model: -, scope: eq, version: 7.1

Trust: 0.2

sources: IVD: 7036ead8-1eda-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02753 // JVNDB: JVNDB-2014-002334 // CNNVD: CNNVD-201404-607 // NVD: CVE-2014-3129

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3129
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3129
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-02753
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201404-607
value: MEDIUM

Trust: 0.6

IVD: 7036ead8-1eda-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2014-3129
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-02753
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7036ead8-1eda-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 7036ead8-1eda-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02753 // JVNDB: JVNDB-2014-002334 // CNNVD: CNNVD-201404-607 // NVD: CVE-2014-3129

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2014-002334 // NVD: CVE-2014-3129

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-607

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201404-607

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002334

PATCH

title: SAP Security Note 1894049, url: http://scn.sap.com/docs/DOC-8218

Trust: 0.8

title: Patch for SAP Solution Manager Remote Information Disclosure Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/45316

Trust: 0.6

sources: CNVD: CNVD-2014-02753 // JVNDB: JVNDB-2014-002334

EXTERNAL IDS

db: NVD, id: CVE-2014-3129

Trust: 2.9

db: SECTRACK, id: 1030157

Trust: 2.4

db: BID, id: 67147

Trust: 1.9

db: CNVD, id: CNVD-2014-02753

Trust: 0.8

db: CNNVD, id: CNNVD-201404-607

Trust: 0.8

db: JVNDB, id: JVNDB-2014-002334

Trust: 0.8

db: FULLDISC, id: 20140428 [ONAPSIS SECURITY ADVISORY 2014-005] INFORMATION DISCLOSURE IN SAP SOFTWARE LIFECLYCLE MANAGER

Trust: 0.6

db: IVD, id: 7036EAD8-1EDA-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 7036ead8-1eda-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02753 // BID: 67147 // JVNDB: JVNDB-2014-002334 // CNNVD: CNNVD-201404-607 // NVD: CVE-2014-3129

REFERENCES

url:http://seclists.org/fulldisclosure/2014/apr/294

Trust: 3.0

url:http://www.securitytracker.com/id/1030157

Trust: 2.4

url:https://service.sap.com/sap/support/notes/1894049

Trust: 1.6

url:http://scn.sap.com/docs/doc-8218

Trust: 1.6

url:http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-005

Trust: 1.6

url:http://www.securityfocus.com/bid/67147

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3129

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3129

Trust: 0.8

sources: CNVD: CNVD-2014-02753 // JVNDB: JVNDB-2014-002334 // CNNVD: CNNVD-201404-607 // NVD: CVE-2014-3129

CREDITS

Nahuel D. Sánchez

Trust: 0.3

sources: BID: 67147

SOURCES

db: IVD, id: 7036ead8-1eda-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2014-02753
db: BID, id: 67147
db: JVNDB, id: JVNDB-2014-002334
db: CNNVD, id: CNNVD-201404-607
db: NVD, id: CVE-2014-3129

LAST UPDATE DATE

2024-08-14T15:03:34.197000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-02753, date: 2014-05-06T00:00:00
db: BID, id: 67147, date: 2014-05-14T00:41:00
db: JVNDB, id: JVNDB-2014-002334, date: 2014-05-02T00:00:00
db: CNNVD, id: CNNVD-201404-607, date: 2014-05-06T00:00:00
db: NVD, id: CVE-2014-3129, date: 2014-05-10T04:06:31.780

SOURCES RELEASE DATE

db: IVD, id: 7036ead8-1eda-11e6-abef-000c29c66e3d, date: 2014-05-05T00:00:00
db: CNVD, id: CNVD-2014-02753, date: 2014-05-05T00:00:00
db: BID, id: 67147, date: 2014-04-30T00:00:00
db: JVNDB, id: JVNDB-2014-002334, date: 2014-05-02T00:00:00
db: CNNVD, id: CNNVD-201404-607, date: 2014-04-30T00:00:00
db: NVD, id: CVE-2014-3129, date: 2014-04-30T14:22:07.203