Details of VAR-201404-0672

ID

VAR-201404-0672

CVE

CVE-2014-2752

TITLE

SAP Business Object Processing Framework for ABAP Vulnerabilities that gain access

Trust: 0.8

sources: JVNDB: JVNDB-2014-001965

DESCRIPTION

SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device

Trust: 2.7

sources: NVD: CVE-2014-2752 // JVNDB: JVNDB-2014-001965 // CNVD: CNVD-2014-02551 // BID: 67011 // IVD: 7a9576e6-1edc-11e6-abef-000c29c66e3d // VULMON: CVE-2014-2752

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 7a9576e6-1edc-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02551

AFFECTED PRODUCTS

vendor:	sap	model:	business object processing framework for abap	scope:	eq	version:	-	Trust: 1.6
vendor:	sap	model:	business object processing framework for abap	scope:	-	version:	-	Trust: 1.4
vendor:	sap	model:	business object processing framework for abap	scope:	eq	version:	0	Trust: 0.3
vendor:	business object processing framework for abap	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: 7a9576e6-1edc-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02551 // BID: 67011 // JVNDB: JVNDB-2014-001965 // CNNVD: CNNVD-201404-140 // NVD: CVE-2014-2752

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2752
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-2752
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-02551
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201404-140
value:	HIGH
Trust: 0.6
IVD:	7a9576e6-1edc-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULMON:	CVE-2014-2752
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-2752
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2014-02551
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7a9576e6-1edc-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 7a9576e6-1edc-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02551 // VULMON: CVE-2014-2752 // JVNDB: JVNDB-2014-001965 // CNNVD: CNNVD-201404-140 // NVD: CVE-2014-2752

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.8

sources: JVNDB: JVNDB-2014-001965 // NVD: CVE-2014-2752

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-140

TYPE

Trust management

Trust: 0.8

sources: IVD: 7a9576e6-1edc-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201404-140

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001965

PATCH

title:

Top Page

url:

http://www.sap.com/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2014-001965

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2752	Trust: 3.6
db:	SECUNIA	id:	57736	Trust: 1.1
db:	CNVD	id:	CNVD-2014-02551	Trust: 0.8
db:	CNNVD	id:	CNNVD-201404-140	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-001965	Trust: 0.8
db:	OSVDB	id:	105671	Trust: 0.6
db:	BID	id:	67011	Trust: 0.3
db:	IVD	id:	7A9576E6-1EDC-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULMON	id:	CVE-2014-2752	Trust: 0.1

sources: IVD: 7a9576e6-1edc-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02551 // VULMON: CVE-2014-2752 // BID: 67011 // JVNDB: JVNDB-2014-001965 // CNNVD: CNNVD-201404-140 // NVD: CVE-2014-2752

REFERENCES

url:	http://www.onapsis.com/get.php?resid=adv_onapsis-2014-003	Trust: 2.8
url:	http://www.onapsis.com/research-advisories.php	Trust: 2.5
url:	http://secunia.com/advisories/57736	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2752	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2752	Trust: 0.8
url:	http://osvdb.com/show/osvdb/105671	Trust: 0.6
url:	http://scn.sap.com/community/abap/bopf	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/255.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2014-02551 // VULMON: CVE-2014-2752 // BID: 67011 // JVNDB: JVNDB-2014-001965 // CNNVD: CNNVD-201404-140 // NVD: CVE-2014-2752

CREDITS

Sergio Abraham

Trust: 0.3

sources: BID: 67011

SOURCES

db:	IVD	id:	7a9576e6-1edc-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-02551
db:	VULMON	id:	CVE-2014-2752
db:	BID	id:	67011
db:	JVNDB	id:	JVNDB-2014-001965
db:	CNNVD	id:	CNNVD-201404-140
db:	NVD	id:	CVE-2014-2752

LAST UPDATE DATE

2025-04-13T23:36:36.064000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-02551	date:	2014-04-21T00:00:00
db:	VULMON	id:	CVE-2014-2752	date:	2014-06-18T00:00:00
db:	BID	id:	67011	date:	2013-09-12T00:00:00
db:	JVNDB	id:	JVNDB-2014-001965	date:	2014-04-14T00:00:00
db:	CNNVD	id:	CNNVD-201404-140	date:	2014-04-14T00:00:00
db:	NVD	id:	CVE-2014-2752	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	7a9576e6-1edc-11e6-abef-000c29c66e3d	date:	2014-04-21T00:00:00
db:	CNVD	id:	CNVD-2014-02551	date:	2014-04-21T00:00:00
db:	VULMON	id:	CVE-2014-2752	date:	2014-04-10T00:00:00
db:	BID	id:	67011	date:	2013-09-12T00:00:00
db:	JVNDB	id:	JVNDB-2014-001965	date:	2014-04-14T00:00:00
db:	CNNVD	id:	CNNVD-201404-140	date:	2014-04-14T00:00:00
db:	NVD	id:	CVE-2014-2752	date:	2014-04-10T20:55:14.367