CVE-2019-0381

Published: Oct 8, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user.

Affected (4)

Products: Sap: Dynamic Tier, Sap Iq, Sql Anywhere

3 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Sap Dynamic Tier	Version 1.0
Sap Dynamic Tier	Version 2.0
Sap Sap Iq	Version 16.1
Sap Sql Anywhere	Version 17.0

Related CWEs

Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

References (4)

https://launchpad.support.sap.com/#/notes/2792430

Source: cna@sap.com

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2792430

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.