← Back

CVE-2019-0282

nvd nist
Published: Apr 10, 2019Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which can be misused by the attacker.

Affected (6)

Sap
1 product
Netweaver Process Integration
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Netweaver Process Integration
Version 7.10
Netweaver Process Integration
Version 7.11
Netweaver Process Integration
Version 7.30
Netweaver Process Integration
Version 7.31
Netweaver Process Integration
Version 7.40
Netweaver Process Integration
Version 7.50

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

Source: cna@sap.com
Permissions RequiredVendor Advisory
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.