CVE-2014-4010
Description
SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:sap:transaction_data_pool:-:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:sap:transaction_data_pool:-:*:*:*:*:*:*:*
- (no CPE)
Patches
Vulnerability mechanics
Root cause
"Hardcoded credentials embedded in the SAP Transaction Data Pool component allow unauthorized access."
Attack vector
The component contains hardcoded credentials (CWE-798) that an attacker can leverage to gain unauthorized access [ref_id=1]. The advisory does not specify the exact attack vector, but notes a CVSS v2 score of 6.0 with vector (AV:N/AC:M/AU:S/C:P/I:P/A:P), indicating network-based access with medium complexity and some required authentication [ref_id=1]. The unspecified vectors likely involve using the embedded credentials to authenticate to the Transaction Data Pool service.
Affected code
The advisory identifies "SAP Transaction Data Pool" as the affected component [ref_id=1]. No specific function names, file paths, or code locations are disclosed in the advisory. The fix is referenced as SAP Note 1795463, but the note content is not included in the bundle.
What the fix does
The advisory references SAP Note 1795463 as the fix, but the note content is not included in the bundle [ref_id=1]. No patch diff is available for analysis. The remediation guidance from the advisory is to apply the referenced SAP Note, which presumably removes or secures the hardcoded credentials.
Preconditions
- networkAttacker must have network access to the SAP Transaction Data Pool component
- authThe advisory notes medium attack complexity and some required authentication (CVSS AU:S)
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4News mentions
0No linked articles in our index yet.