CVE-2019-0278

Published: Apr 10, 2019Modified: Nov 21, 2024

4.3

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure.

Affected (7)

Products: Sap: Netweaver Process Integration

Sap

1 product

Netweaver Process Integration

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver Process Integration	Version 7.10
Sap Netweaver Process Integration	Version 7.11
Sap Netweaver Process Integration	Version 7.20
Sap Netweaver Process Integration	Version 7.30
Sap Netweaver Process Integration	Version 7.31
Sap Netweaver Process Integration	Version 7.40
Sap Netweaver Process Integration	Version 7.50

References (4)

https://launchpad.support.sap.com/#/notes/2741201

Source: cna@sap.com

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2741201

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.