← Back

CVE-2019-0270

nvd nist
Published: Mar 12, 2019Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04.

Affected (29)

Sap
5 products
Advanced Business Application Programming Platform Kernel
Advanced Business Application Programming Platform Krnl32nuc
Advanced Business Application Programming Platform Krnl32uc
Advanced Business Application Programming Platform Krnl64nuc
Advanced Business Application Programming Platform Krnl64uc
Configuration A
29 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Advanced Business Application Programming Platform Kernel
Version 7.15
Advanced Business Application Programming Platform Kernel
Version 7.21
Advanced Business Application Programming Platform Kernel
Version 7.22
Advanced Business Application Programming Platform Kernel
Version 7.49
Advanced Business Application Programming Platform Kernel
Version 7.53
Advanced Business Application Programming Platform Kernel
Version 7.73
Advanced Business Application Programming Platform Kernel
Version 7.74
Advanced Business Application Programming Platform Kernel
Version 7.75
Advanced Business Application Programming Platform Kernel
Version 8.04
Sap
Advanced Business Application Programming Platform Krnl32nuc
Version 7.21
Advanced Business Application Programming Platform Krnl32nuc
Version 7.21ext
Advanced Business Application Programming Platform Krnl32nuc
Version 7.22
Advanced Business Application Programming Platform Krnl32nuc
Version 7.22ext
Sap
Advanced Business Application Programming Platform Krnl32uc
Version 7.21
Advanced Business Application Programming Platform Krnl32uc
Version 7.21ext
Advanced Business Application Programming Platform Krnl32uc
Version 7.22
Advanced Business Application Programming Platform Krnl32uc
Version 7.22ext
Sap
Advanced Business Application Programming Platform Krnl64nuc
Version 7.21
Advanced Business Application Programming Platform Krnl64nuc
Version 7.21ext
Advanced Business Application Programming Platform Krnl64nuc
Version 7.22
Advanced Business Application Programming Platform Krnl64nuc
Version 7.22ext
Sap
Advanced Business Application Programming Platform Krnl64uc
Version 7.21
Advanced Business Application Programming Platform Krnl64uc
Version 7.21ext
Advanced Business Application Programming Platform Krnl64uc
Version 7.22
Advanced Business Application Programming Platform Krnl64uc
Version 7.22ext
Advanced Business Application Programming Platform Krnl64uc
Version 7.49
Advanced Business Application Programming Platform Krnl64uc
Version 7.73
Advanced Business Application Programming Platform Krnl64uc
Version 7.74
Advanced Business Application Programming Platform Krnl64uc
Version 8.04

Related CWEs

CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (6)

Source: cna@sap.com
Third Party Advisory
Source: cna@sap.com
Permissions RequiredVendor Advisory
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.