CVE-2014-5175
First published: Thu Jul 31 2014(Updated: )
The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Solution Manager | =7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://scn.sap.com/docs/DOC-8218
- http://seclists.org/fulldisclosure/2014/Jul/151
- http://secunia.com/advisories/59548
- http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-023
- http://www.securityfocus.com/bid/68949
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94932
- https://service.sap.com/sap/support/notes/1778940
Frequently Asked Questions
What is the severity of CVE-2014-5175?
CVE-2014-5175 is considered a high severity vulnerability due to its potential to allow remote attackers to bypass authentication.
How do I fix CVE-2014-5175?
To fix CVE-2014-5175, it is recommended to apply the latest patches from SAP for Solution Manager 7.1.
What systems are affected by CVE-2014-5175?
CVE-2014-5175 affects SAP Solution Manager version 7.1.
What types of attacks can exploit CVE-2014-5175?
CVE-2014-5175 can be exploited through a verb tampering attack.
Can CVE-2014-5175 lead to unauthorized access?
Yes, CVE-2014-5175 can lead to unauthorized access due to the authentication bypass capability.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap netweaver solution manager
- version/sap netweaver solution manager/7.1