CVE-2019-0351

Published: Aug 14, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the product to terminate.

Affected (6)

Products: Sap: Netweaver

Sap

1 product

Netweaver

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver	Version 7.10
Sap Netweaver	Version 7.20
Sap Netweaver	Version 7.30
Sap Netweaver	Version 7.31
Sap Netweaver	Version 7.40
Sap Netweaver	Version 7.50

References (4)

https://launchpad.support.sap.com/#/notes/2800779

Source: cna@sap.com

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2800779

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.