Vulnerability Details : CVE-2014-8312
Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function.
Exploit prediction scoring system (EPSS) score for CVE-2014-8312
Probability of exploitation activity in the next 30 days: 0.24%
Percentile, the proportion of vulnerabilities that are scored at or less: ~61%
CVSS scores for CVE-2014-8312
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
3.5 | LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N | 6.8 | 2.9 | NIST |
References for CVE-2014-8312
- http://scn.sap.com/docs/DOC-8218
  Acknowledgments to Security Researchers - Security and Identity Management - SCN Wiki (Vendor Advisory)
- http://seclists.org/fulldisclosure/2014/Oct/38
  Full Disclosure: [Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check
- http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-033
- https://service.sap.com/sap/support/notes/1967780
  Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96877
  SAP Business Warehouse security bypass CVE-2014-8312 Vulnerability Report
- http://www.securityfocus.com/archive/1/533645/100/0/threaded
  SecurityFocus
- http://www.securityfocus.com/bid/70292
  SAP NetWeaver Business Warehouse Access Bypass Vulnerability
- http://packetstormsecurity.com/files/128603/SAP-Business-Warehouse-Missing-Authorization-Check.html
  SAP Business Warehouse Missing Authorization Check ≈ Packet Storm
Products affected by CVE-2014-8312
- cpe:2.3:a:sap:netweaver_abap:7.31:*:*:*:*:*:*:*