CVE-2014-3130

EUVD-2014-3150
The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Affected Products (NVD)
VendorProductVersion
sapnetweaver_abap_application_server
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://scn.sap.com/docs/DOC-8218
http://seclists.org/fulldisclosure/2014/Apr/302
http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-009
http://www.securityfocus.com/bid/67108
https://service.sap.com/sap/support/notes/1910914
http://scn.sap.com/docs/DOC-8218
http://seclists.org/fulldisclosure/2014/Apr/302
http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-009
http://www.securityfocus.com/bid/67108
https://service.sap.com/sap/support/notes/1910914