CVE-2014-8312 : Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticate

Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function.

Published 2014-10-16 19:55:20

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2014-8312

SAP » Netweaver Abap » Version: 7.31
cpe:2.3:a:sap:netweaver_abap:7.31:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-8312

EPSS FAQ

0.58%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 66 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-8312

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
3.5	LOW	AV:N/AC:M/Au:S/C:P/I:N/A:N	6.8	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2014-8312

http://scn.sap.com/docs/DOC-8218

Acknowledgments to Security Researchers - Security and Identity Management - SCN Wiki
Vendor Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2014/Oct/38

Full Disclosure: [Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check
http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-033

Page Not Found | Onapsis
https://service.sap.com/sap/support/notes/1967780

Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/96877

SAP Business Warehouse security bypass CVE-2014-8312 Vulnerability Report
http://secunia.com/advisories/61101

Sign in
http://www.securityfocus.com/archive/1/533645/100/0/threaded

SecurityFocus
http://www.securityfocus.com/bid/70292

SAP NetWeaver Business Warehouse Access Bypass Vulnerability
http://packetstormsecurity.com/files/128603/SAP-Business-Warehouse-Missing-Authorization-Check.html

SAP Business Warehouse Missing Authorization Check ≈ Packet Storm

Jump to

Vulnerability Details : CVE-2014-8312

Products affected by CVE-2014-8312

Exploit prediction scoring system (EPSS) score for CVE-2014-8312

CVSS scores for CVE-2014-8312

References for CVE-2014-8312