← Back

CVE-2019-0255

nvd nist
Published: Feb 15, 2019Modified: Nov 21, 2024

JSON object

Loading...
8.1
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.8 / Impact: 5.2
Source: NVD

Description

SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'Easy Access Menu'. The situation can be misused by any user to leverage privileges to business functionality.

Affected (6)

Sap
3 products
Advanced Business Application Programming Platform Kernel
Advanced Business Application Programming Platform Krnl64nuc
Advanced Business Application Programming Platform Krnl64uc
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Advanced Business Application Programming Platform Kernel
Version 7.73
Advanced Business Application Programming Platform Kernel
Version 7.74
Advanced Business Application Programming Platform Kernel
Version 7.75.
Advanced Business Application Programming Platform Krnl64nuc
Version 7.74
Sap
Advanced Business Application Programming Platform Krnl64uc
Version 7.73
Advanced Business Application Programming Platform Krnl64uc
Version 7.74

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

Source: cna@sap.com
Third Party AdvisoryVDB Entry
Source: cna@sap.com
Permissions RequiredVendor Advisory
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.