What is the severity of CVE-2014-0984?

CVE-2014-0984 is considered a high severity vulnerability due to the ease with which attackers can exploit it using brute-force techniques.

How do I fix CVE-2014-0984?

To fix CVE-2014-0984, it is recommended to upgrade to the latest patched version of SAP Router that addresses this vulnerability.

What software versions are affected by CVE-2014-0984?

CVE-2014-0984 affects SAP Router versions 710-029, 720-411, and 721-117 and earlier.

What type of attack does CVE-2014-0984 enable?

CVE-2014-0984 enables remote attackers to conduct brute-force attacks on the password validation of route permissions.

Is CVE-2014-0984 still a concern in current environments?

Yes, CVE-2014-0984 remains a concern for environments using affected versions of SAP Router that have not been updated.

Vulnerability/
CVE-2014-0984

medium

4.3

CWE

264

17/4/2014

6/8/2024

CVE-2014-0984

First published: Thu Apr 17 2014(Updated: )

The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
SAP Router	=710-029
SAP Router	=720-411
SAP Router	=721-117

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-0984?
CVE-2014-0984 is considered a high severity vulnerability due to the ease with which attackers can exploit it using brute-force techniques.
How do I fix CVE-2014-0984?
To fix CVE-2014-0984, it is recommended to upgrade to the latest patched version of SAP Router that addresses this vulnerability.
What software versions are affected by CVE-2014-0984?
CVE-2014-0984 affects SAP Router versions 710-029, 720-411, and 721-117 and earlier.
What type of attack does CVE-2014-0984 enable?
CVE-2014-0984 enables remote attackers to conduct brute-force attacks on the password validation of route permissions.
Is CVE-2014-0984 still a concern in current environments?
Yes, CVE-2014-0984 remains a concern for environments using affected versions of SAP Router that have not been updated.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/author
agent/severity
agent/references
agent/last-modified-date
agent/description
agent/first-publish-date
agent/tags
agent/event
agent/source
vendor/sap
canonical/sap router
version/sap router/710-029
version/sap router/720-411
version/sap router/721-117

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2014-0984?
CVE-2014-0984 is considered a high severity vulnerability due to the ease with which attackers can exploit it using brute-force techniques.
How do I fix CVE-2014-0984?
To fix CVE-2014-0984, it is recommended to upgrade to the latest patched version of SAP Router that addresses this vulnerability.
What software versions are affected by CVE-2014-0984?
CVE-2014-0984 affects SAP Router versions 710-029, 720-411, and 721-117 and earlier.
What type of attack does CVE-2014-0984 enable?
CVE-2014-0984 enables remote attackers to conduct brute-force attacks on the password validation of route permissions.
Is CVE-2014-0984 still a concern in current environments?
Yes, CVE-2014-0984 remains a concern for environments using affected versions of SAP Router that have not been updated.