← Back

CVE-2019-0349

nvd nist
Published: Aug 14, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.2
Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD

Description

SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77, allows a user to execute “Go to statement” without possessing the authorization S_DEVELOP DEBUG 02, resulting in Missing Authorization Check

Affected (10)

Sap
1 product
Advanced Business Application Programming Platform Kernel
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Advanced Business Application Programming Platform Kernel
Version 7.21
Advanced Business Application Programming Platform Kernel
Version 7.21ext
Advanced Business Application Programming Platform Kernel
Version 7.22
Advanced Business Application Programming Platform Kernel
Version 7.22ext
Advanced Business Application Programming Platform Kernel
Version 7.49
Advanced Business Application Programming Platform Kernel
Version 7.53
Advanced Business Application Programming Platform Kernel
Version 7.73
Advanced Business Application Programming Platform Kernel
Version 7.75
Advanced Business Application Programming Platform Kernel
Version 7.76
Advanced Business Application Programming Platform Kernel
Version 7.77

Related CWEs

CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

Source: cna@sap.com
Permissions RequiredVendor Advisory
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.