Details of VAR-201404-0671

ID

VAR-201404-0671

CVE

CVE-2014-2751

TITLE

SAP Print and Output Management Vulnerabilities that gain access

Trust: 0.8

sources: JVNDB: JVNDB-2014-001964

DESCRIPTION

SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks

Trust: 2.61

sources: NVD: CVE-2014-2751 // JVNDB: JVNDB-2014-001964 // CNVD: CNVD-2014-02552 // BID: 67009 // IVD: 7bc6a0e4-1edc-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 7bc6a0e4-1edc-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02552

AFFECTED PRODUCTS

vendor:	sap	model:	print and output management	scope:	eq	version:	-	Trust: 1.6
vendor:	sap	model:	print and output management	scope:	-	version:	-	Trust: 1.4
vendor:	sap	model:	print and output management	scope:	eq	version:	0	Trust: 0.3
vendor:	print and output management	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: 7bc6a0e4-1edc-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02552 // BID: 67009 // JVNDB: JVNDB-2014-001964 // CNNVD: CNNVD-201404-139 // NVD: CVE-2014-2751

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2751
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-2751
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-02552
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201404-139
value:	HIGH
Trust: 0.6
IVD:	7bc6a0e4-1edc-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2014-2751
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-02552
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7bc6a0e4-1edc-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 7bc6a0e4-1edc-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02552 // JVNDB: JVNDB-2014-001964 // CNNVD: CNNVD-201404-139 // NVD: CVE-2014-2751

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.8

sources: JVNDB: JVNDB-2014-001964 // NVD: CVE-2014-2751

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-139

TYPE

Trust management

Trust: 0.8

sources: IVD: 7bc6a0e4-1edc-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201404-139

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001964

PATCH

title:

Top Page

url:

http://www.sap.com/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2014-001964

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2751	Trust: 3.5
db:	SECUNIA	id:	57737	Trust: 1.0
db:	BID	id:	67009	Trust: 0.9
db:	CNVD	id:	CNVD-2014-02552	Trust: 0.8
db:	CNNVD	id:	CNNVD-201404-139	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-001964	Trust: 0.8
db:	OSVDB	id:	105670	Trust: 0.6
db:	IVD	id:	7BC6A0E4-1EDC-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 7bc6a0e4-1edc-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02552 // BID: 67009 // JVNDB: JVNDB-2014-001964 // CNNVD: CNNVD-201404-139 // NVD: CVE-2014-2751

REFERENCES

url:	http://www.onapsis.com/get.php?resid=adv_onapsis-2014-004	Trust: 2.7
url:	http://www.onapsis.com/research-advisories.php	Trust: 2.4
url:	http://secunia.com/advisories/57737	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2751	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2751	Trust: 0.8
url:	http://osvdb.com/show/osvdb/105670	Trust: 0.6
url:	scn.sap.com/community/output-management?	Trust: 0.3

sources: CNVD: CNVD-2014-02552 // BID: 67009 // JVNDB: JVNDB-2014-001964 // CNNVD: CNNVD-201404-139 // NVD: CVE-2014-2751

CREDITS

Sergio Abraham

Trust: 0.3

sources: BID: 67009

SOURCES

db:	IVD	id:	7bc6a0e4-1edc-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-02552
db:	BID	id:	67009
db:	JVNDB	id:	JVNDB-2014-001964
db:	CNNVD	id:	CNNVD-201404-139
db:	NVD	id:	CVE-2014-2751

LAST UPDATE DATE

2025-04-13T23:39:46.453000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-02552	date:	2014-04-21T00:00:00
db:	BID	id:	67009	date:	2014-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2014-001964	date:	2014-04-14T00:00:00
db:	CNNVD	id:	CNNVD-201404-139	date:	2014-04-14T00:00:00
db:	NVD	id:	CVE-2014-2751	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	7bc6a0e4-1edc-11e6-abef-000c29c66e3d	date:	2014-04-21T00:00:00
db:	CNVD	id:	CNVD-2014-02552	date:	2014-04-21T00:00:00
db:	BID	id:	67009	date:	2014-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2014-001964	date:	2014-04-14T00:00:00
db:	CNNVD	id:	CNNVD-201404-139	date:	2014-04-14T00:00:00
db:	NVD	id:	CVE-2014-2751	date:	2014-04-10T20:55:14.337