CVE-2019-0315

Published: Jun 12, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAP_XIPCK 7.10 to 7.11, 7.20, 7.30) allows an attacker to access passwords used in FTP channels leading to information disclosure.

Affected (7)

Products: Sap: Netweaver Process Integration

Sap

1 product

Netweaver Process Integration

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver Process Integration	Version 7.10
Sap Netweaver Process Integration	Version 7.11
Sap Netweaver Process Integration	Version 7.20
Sap Netweaver Process Integration	Version 7.30
Sap Netweaver Process Integration	Version 7.31
Sap Netweaver Process Integration	Version 7.40
Sap Netweaver Process Integration	Version 7.50

References (4)

https://launchpad.support.sap.com/#/notes/2755438

Source: cna@sap.com

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2755438

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.