ID

VAR-201411-0186


CVE

CVE-2014-8663


TITLE

SQL Injection Vulnerability in Data Basis of SAP NetWeaver Business Warehouse

Trust: 0.8

sources: JVNDB: JVNDB-2014-005278

DESCRIPTION

SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Trust: 1.98

sources: NVD: CVE-2014-8663 // JVNDB: JVNDB-2014-005278 // BID: 71028 // VULMON: CVE-2014-8663

AFFECTED PRODUCTS

vendor: sap, model: netweaver business warehouse, scope: eq, version: -

Trust: 1.6

vendor: sap, model: netweaver business warehouse, scope: -, version: -

Trust: 0.8

vendor: sap, model: netweaver business warehouse, scope: eq, version: 0

Trust: 0.3

sources: BID: 71028 // JVNDB: JVNDB-2014-005278 // CNNVD: CNNVD-201411-197 // NVD: CVE-2014-8663

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8663
value: HIGH

Trust: 1.0

NVD: CVE-2014-8663
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201411-197
value: HIGH

Trust: 0.6

VULMON: CVE-2014-8663
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-8663
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-2014-8663 // JVNDB: JVNDB-2014-005278 // CNNVD: CNNVD-201411-197 // NVD: CVE-2014-8663

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.8

sources: JVNDB: JVNDB-2014-005278 // NVD: CVE-2014-8663

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201411-197

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201411-197

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005278

PATCH

title: SAP Security Note 2042845, url: http://scn.sap.com/docs/DOC-55451

Trust: 0.8

sources: JVNDB: JVNDB-2014-005278

EXTERNAL IDS

db: NVD, id: CVE-2014-8663

Trust: 2.8

db: JVNDB, id: JVNDB-2014-005278

Trust: 0.8

db: CNNVD, id: CNNVD-201411-197

Trust: 0.6

db: BID, id: 71028

Trust: 0.4

db: VULMON, id: CVE-2014-8663

Trust: 0.1

sources: VULMON: CVE-2014-8663 // BID: 71028 // JVNDB: JVNDB-2014-005278 // CNNVD: CNNVD-201411-197 // NVD: CVE-2014-8663

REFERENCES

url:http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/

Trust: 2.8

url:http://service.sap.com/sap/support/notes/0001965819

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8663

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8663

Trust: 0.8

url:http://www.sap.com/india/pc/tech/data-warehousing/software/netweaver-business-warehouse/index.html

Trust: 0.3

url:http://erpscan.com/advisories/erpscan-15-021-sap-netweaver-7-4-bp_find_jobs_with_program-sql-injecti/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/89.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.securityfocus.com/bid/71028

Trust: 0.1

sources: VULMON: CVE-2014-8663 // BID: 71028 // JVNDB: JVNDB-2014-005278 // CNNVD: CNNVD-201411-197 // NVD: CVE-2014-8663

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 71028

SOURCES

db: VULMON, id: CVE-2014-8663
db: BID, id: 71028
db: JVNDB, id: JVNDB-2014-005278
db: CNNVD, id: CNNVD-201411-197
db: NVD, id: CVE-2014-8663

LAST UPDATE DATE

2025-04-13T23:31:36.945000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2014-8663, date: 2014-11-07T00:00:00
db: BID, id: 71028, date: 2014-11-06T00:00:00
db: JVNDB, id: JVNDB-2014-005278, date: 2014-11-10T00:00:00
db: CNNVD, id: CNNVD-201411-197, date: 2014-11-14T00:00:00
db: NVD, id: CVE-2014-8663, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULMON, id: CVE-2014-8663, date: 2014-11-06T00:00:00
db: BID, id: 71028, date: 2014-11-06T00:00:00
db: JVNDB, id: JVNDB-2014-005278, date: 2014-11-10T00:00:00
db: CNNVD, id: CNNVD-201411-197, date: 2014-11-14T00:00:00
db: NVD, id: CVE-2014-8663, date: 2014-11-06T15:55:14.430