CVE-2014-4006

Опубликовано: 09 июн. 2014

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.

Ссылки

http://scn.sap.com/docs/DOC-8218
http://seclists.org/fulldisclosure/2014/Jun/36
http://www.layersevensecurity.com/docs/Layer%20Seven%20Security_Advisory_February%202014.pdf
http://www.securityfocus.com/bid/67920
https://service.sap.com/sap/support/notes/1920323
http://scn.sap.com/docs/DOC-8218
http://seclists.org/fulldisclosure/2014/Jun/36
http://www.layersevensecurity.com/docs/Layer%20Seven%20Security_Advisory_February%202014.pdf
http://www.securityfocus.com/bid/67920
https://service.sap.com/sap/support/notes/1920323

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:oil_industry_solution_traders_and_schedulers_workbench:-:*:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00357

Низкий

5 Medium

CVSS2

Дефекты

CWE-255

Связанные уязвимости

GHSA-r2qv-gh96-r8cc

github

больше 3 лет назад