VAR-201406-0219
Vulnerability from variot - Updated: 2025-04-13 23:05

SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. SAP is the world's leading provider of enterprise management software solutions. Multiple SAP components have hard-coded usernames that attackers can exploit to obtain sensitive information. These components include: SAP Project System; SAP Structures; SAP Project-Oriented Procurement; SAP Brazil Specific Add-On; SAP Oil Industry Solution Traders and Schedulers Workbench; SAP Upgrade Tools; SAP Web Services Tool; SAP CCMS Monitoring; SAP Transaction Data Pool; SAP Capacity Leveling; SAP Open Hub Service. Multiple SAP Components are prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain unauthorized access to the affected application.

(This description is concatenated from the sources listed in the record below — NVD, JVNDB, CNVD, BID and VULMON — which is why the wording and the stated impact vary from sentence to sentence. The vendor fix referenced in the record is SAP Security Note 1911174.)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201406-0219",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "computing center management system monitoring",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": null
},
{
"model": "computing center management system monitoring",
"scope": null,
"trust": 0.8,
"vendor": "sap",
"version": null
},
{
"model": "sap",
"scope": null,
"trust": 0.6,
"vendor": "sap",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03665"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002813"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-124"
},
{
"db": "NVD",
"id": "CVE-2014-4009"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:sap:computing_center_management_system_monitoring",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002813"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sergio Abraham",
"sources": [
{
"db": "BID",
"id": "67920"
}
],
"trust": 0.3
},
"cve": "CVE-2014-4009",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-4009",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2014-03665",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-4009",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-4009",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-03665",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201406-124",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-4009",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03665"
},
{
"db": "VULMON",
"id": "CVE-2014-4009"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002813"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-124"
},
{
"db": "NVD",
"id": "CVE-2014-4009"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. SAP is the world\u0027s leading provider of enterprise management software solutions. SAP\u0027s multiple components have hard-coded usernames that allow attackers to exploit vulnerabilities to obtain sensitive information. These components include: SAP Project System SAP Structures SAP Project-Oriented Procurement SAP Brazil Specific Add-On SAP Oil Industry Solution Traders and Schedulers Workbench SAP Upgrade Tools SAP Web Services Tool SAP CCMS Monitoring SAP Transaction Data Pool SAP Capacity Leveling SAP Open Hub Service. Multiple SAP Components are prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain unauthorized access to the affected application",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4009"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002813"
},
{
"db": "CNVD",
"id": "CNVD-2014-03665"
},
{
"db": "BID",
"id": "67920"
},
{
"db": "VULMON",
"id": "CVE-2014-4009"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4009",
"trust": 2.8
},
{
"db": "BID",
"id": "67920",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002813",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-03665",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20140606 [ONAPSIS SECURITY ADVISORIES] MULTIPLE HARD-CODED USERNAMES IN SAP COMPONENTS",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201406-124",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2014-4009",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03665"
},
{
"db": "VULMON",
"id": "CVE-2014-4009"
},
{
"db": "BID",
"id": "67920"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002813"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-124"
},
{
"db": "NVD",
"id": "CVE-2014-4009"
}
]
},
"id": "VAR-201406-0219",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03665"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03665"
}
]
},
"last_update_date": "2025-04-13T23:05:00.270000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP Security Note 1911174",
"trust": 0.8,
"url": "http://scn.sap.com/docs/DOC-8218"
},
{
"title": "Patch for information disclosure vulnerabilities in multiple SAP component built-in usernames",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/46415"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03665"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002813"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002813"
},
{
"db": "NVD",
"id": "CVE-2014-4009"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://seclists.org/fulldisclosure/2014/jun/36"
},
{
"trust": 1.7,
"url": "http://scn.sap.com/docs/doc-8218"
},
{
"trust": 1.7,
"url": "https://service.sap.com/sap/support/notes/1911174"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/67920"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4009"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4009"
},
{
"trust": 0.3,
"url": "http://www.sap.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03665"
},
{
"db": "VULMON",
"id": "CVE-2014-4009"
},
{
"db": "BID",
"id": "67920"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002813"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-124"
},
{
"db": "NVD",
"id": "CVE-2014-4009"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-03665"
},
{
"db": "VULMON",
"id": "CVE-2014-4009"
},
{
"db": "BID",
"id": "67920"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002813"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-124"
},
{
"db": "NVD",
"id": "CVE-2014-4009"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03665"
},
{
"date": "2014-06-09T00:00:00",
"db": "VULMON",
"id": "CVE-2014-4009"
},
{
"date": "2014-06-06T00:00:00",
"db": "BID",
"id": "67920"
},
{
"date": "2014-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002813"
},
{
"date": "2014-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-124"
},
{
"date": "2014-06-09T20:55:09.307000",
"db": "NVD",
"id": "CVE-2014-4009"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03665"
},
{
"date": "2014-06-18T00:00:00",
"db": "VULMON",
"id": "CVE-2014-4009"
},
{
"date": "2014-06-11T00:02:00",
"db": "BID",
"id": "67920"
},
{
"date": "2014-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002813"
},
{
"date": "2014-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-124"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-4009"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-124"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP CCMS Monitoring Vulnerabilities that gain access",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002813"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-124"
}
],
"trust": 0.6
}
}