Access Control Flaw in SAP Netweaver Business Warehouse by SAP
CVE-2014-5174

Currently unrated

Key Information:

Vendor: SAP
Status: Netweaver Business Warehouse
Vendor: CVE Published:; 31 July 2014

Summary

The SAP Netweaver Business Warehouse component exhibits an access control vulnerability within the BW-SYS-DB-DB4 function group. This flaw permits remote authenticated users to exploit the system and potentially access sensitive information by circumventing intended authorizations. The absence of proper restrictions enables these users to engage with functions that should otherwise be protected, potentially leading to significant data exposure. Organizations utilizing these systems should explore implementing appropriate security measures to mitigate these risks.

References

http://www.onapsis.com/resources/get.php?resid=adv_onapsi...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/94921

vdb-entryx_refsource_XF

http://scn.sap.com/docs/DOC-8218

x_refsource_CONFIRM

Timeline

Vulnerability published
Jul 31, 2014
Vulnerability Reserved
Jul 31, 2014