CVE-2014-3133
First published: Wed Apr 30 2014(Updated: )
SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Java Application Server |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-3133?
The severity of CVE-2014-3133 is classified as medium, indicating a potential for unauthorized access to sensitive information.
How do I fix CVE-2014-3133?
To fix CVE-2014-3133, ensure your SAP Netweaver Java Application Server is updated to the latest version that addresses the access restriction issue.
What impact does CVE-2014-3133 have on SAP systems?
CVE-2014-3133 allows remote attackers to obtain a list of SAP systems registered on the Software Life Cycle Management, potentially exposing sensitive infrastructure information.
Who is affected by CVE-2014-3133?
CVE-2014-3133 affects users and administrators of the SAP Netweaver Java Application Server who have not implemented the necessary security controls.
Is CVE-2014-3133 exploitable remotely?
Yes, CVE-2014-3133 is exploitable remotely, allowing attackers to access sensitive system information without requiring local network access.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap netweaver java application server