Published: 19/05/2014 Updated: 20/05/2014

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

SAP NetWeaver 7.20 and previous versions allows remote malicious users to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sap netweaver 7.02
sap netweaver 7.0
sap netweaver 7.01
sap netweaver
sap netweaver 7.10
sap netweaver 7.03

SAP NetWeaver flaw spews user tables

The Register • Darren Pauli • 29 May 2014

Patch issued but Ruskies keep details under wraps

Russian security researchers have reported a vulnerability in SAP NetWeaver which could allow attackers to gain access to Central User Administration tables. Details on the vulnerability (CVE-2014-3787) in the service-oriented and integration platform were kept under wraps by security firm PT Security which conducted regular tests on SAP kit. The Central User Administration feature streamlined management of multiple users accounts that were managed on different clients. SAP was among the most po...

CVE-2014-3787

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect