CVE-2019-0338

Published: Aug 14, 2019Modified: Nov 21, 2024

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure.

Affected (4)

Products: Sap: Gateway

Sap

1 product

Gateway

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Sap Gateway	Version 750
Sap Gateway	Version 751
Sap Gateway	Version 752
Sap Gateway	Version 753

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://launchpad.support.sap.com/#/notes/2793351

Source: cna@sap.com

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2793351

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.