← Back

CVE-2019-0304

nvd nist
Published: Jun 12, 2019Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application.

Affected (24)

Sap
5 products
Advanced Business Application Programming Platform Kernel
Advanced Business Application Programming Platform Krnl32nuc
Advanced Business Application Programming Platform Krnl32uc
Advanced Business Application Programming Platform Krnl64nuc
Advanced Business Application Programming Platform Krnl64uc
Configuration A
24 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Advanced Business Application Programming Platform Kernel
Version 7.21
Advanced Business Application Programming Platform Kernel
Version 7.45
Advanced Business Application Programming Platform Kernel
Version 7.49
Advanced Business Application Programming Platform Kernel
Version 7.53
Advanced Business Application Programming Platform Kernel
Version 7.73
Sap
Advanced Business Application Programming Platform Krnl32nuc
Version 7.21
Advanced Business Application Programming Platform Krnl32nuc
Version 7.21ext
Advanced Business Application Programming Platform Krnl32nuc
Version 7.22
Advanced Business Application Programming Platform Krnl32nuc
Version 7.22ext
Sap
Advanced Business Application Programming Platform Krnl32uc
Version 7.21
Advanced Business Application Programming Platform Krnl32uc
Version 7.21ext
Advanced Business Application Programming Platform Krnl32uc
Version 7.22
Advanced Business Application Programming Platform Krnl32uc
Version 7.22ext
Sap
Advanced Business Application Programming Platform Krnl64nuc
Version 7.21
Advanced Business Application Programming Platform Krnl64nuc
Version 7.21ext
Advanced Business Application Programming Platform Krnl64nuc
Version 7.22
Advanced Business Application Programming Platform Krnl64nuc
Version 7.22ext
Advanced Business Application Programming Platform Krnl64nuc
Version 7.49
Sap
Advanced Business Application Programming Platform Krnl64uc
Version 7.21
Advanced Business Application Programming Platform Krnl64uc
Version 7.21ext
Advanced Business Application Programming Platform Krnl64uc
Version 7.22
Advanced Business Application Programming Platform Krnl64uc
Version 7.22ext
Advanced Business Application Programming Platform Krnl64uc
Version 7.49
Advanced Business Application Programming Platform Krnl64uc
Version 7.73

Related CWEs

CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References (4)

Source: cna@sap.com
Permissions RequiredVendor Advisory
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.