VAR-201406-0216
Vulnerability from variot - Updated: 2025-04-13 23:05The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. SAP is the world's leading provider of enterprise management software solutions. SAP's multiple components have hard-coded usernames that allow attackers to exploit vulnerabilities to obtain sensitive information. These components include: SAP Project System SAP Structures SAP Project-Oriented Procurement SAP Brazil Specific Add-On SAP Oil Industry Solution Traders and Schedulers Workbench SAP Upgrade Tools SAP Web Services Tool SAP CCMS Monitoring SAP Transaction Data Pool SAP Capacity Leveling SAP Open Hub Service. Multiple SAP Components are prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain unauthorized access to the affected application
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201406-0216",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "oil industry solution traders and schedulers workbench",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": null
},
{
"model": "trader\u0027s and scheduler\u0027s workbench for oil \u0026 gas",
"scope": null,
"trust": 0.8,
"vendor": "sap",
"version": null
},
{
"model": "sap",
"scope": null,
"trust": 0.6,
"vendor": "sap",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03665"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002810"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-121"
},
{
"db": "NVD",
"id": "CVE-2014-4006"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:sap:oil_industry_solution_traders_and_schedulers_workbench",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002810"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sergio Abraham",
"sources": [
{
"db": "BID",
"id": "67920"
}
],
"trust": 0.3
},
"cve": "CVE-2014-4006",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-4006",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2014-03665",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-4006",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-4006",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-03665",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201406-121",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03665"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002810"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-121"
},
{
"db": "NVD",
"id": "CVE-2014-4006"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The SAP Trader\u0027s and Scheduler\u0027s Workbench (TSW) for SAP Oil \u0026 Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. SAP is the world\u0027s leading provider of enterprise management software solutions. SAP\u0027s multiple components have hard-coded usernames that allow attackers to exploit vulnerabilities to obtain sensitive information. These components include: SAP Project System SAP Structures SAP Project-Oriented Procurement SAP Brazil Specific Add-On SAP Oil Industry Solution Traders and Schedulers Workbench SAP Upgrade Tools SAP Web Services Tool SAP CCMS Monitoring SAP Transaction Data Pool SAP Capacity Leveling SAP Open Hub Service. Multiple SAP Components are prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain unauthorized access to the affected application",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4006"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002810"
},
{
"db": "CNVD",
"id": "CNVD-2014-03665"
},
{
"db": "BID",
"id": "67920"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4006",
"trust": 2.7
},
{
"db": "BID",
"id": "67920",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002810",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-03665",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20140606 [ONAPSIS SECURITY ADVISORIES] MULTIPLE HARD-CODED USERNAMES IN SAP COMPONENTS",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201406-121",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03665"
},
{
"db": "BID",
"id": "67920"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002810"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-121"
},
{
"db": "NVD",
"id": "CVE-2014-4006"
}
]
},
"id": "VAR-201406-0216",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03665"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03665"
}
]
},
"last_update_date": "2025-04-13T23:05:00.335000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP Security Note 1920323",
"trust": 0.8,
"url": "http://scn.sap.com/docs/DOC-8218"
},
{
"title": "Patch for information disclosure vulnerabilities in multiple SAP component built-in usernames",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/46415"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03665"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002810"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002810"
},
{
"db": "NVD",
"id": "CVE-2014-4006"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://seclists.org/fulldisclosure/2014/jun/36"
},
{
"trust": 2.4,
"url": "http://www.layersevensecurity.com/docs/layer%20seven%20security_advisory_february%202014.pdf"
},
{
"trust": 1.6,
"url": "https://service.sap.com/sap/support/notes/1920323"
},
{
"trust": 1.6,
"url": "http://scn.sap.com/docs/doc-8218"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/67920"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4006"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4006"
},
{
"trust": 0.3,
"url": "http://www.sap.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03665"
},
{
"db": "BID",
"id": "67920"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002810"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-121"
},
{
"db": "NVD",
"id": "CVE-2014-4006"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-03665"
},
{
"db": "BID",
"id": "67920"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002810"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-121"
},
{
"db": "NVD",
"id": "CVE-2014-4006"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03665"
},
{
"date": "2014-06-06T00:00:00",
"db": "BID",
"id": "67920"
},
{
"date": "2014-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002810"
},
{
"date": "2014-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-121"
},
{
"date": "2014-06-09T20:55:09.107000",
"db": "NVD",
"id": "CVE-2014-4006"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03665"
},
{
"date": "2014-06-11T00:02:00",
"db": "BID",
"id": "67920"
},
{
"date": "2014-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002810"
},
{
"date": "2014-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-121"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-4006"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-121"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP Trader\u0027s and Scheduler\u0027s Workbench for Oil \u0026 Gas Vulnerabilities that gain access",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002810"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-121"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…