CVE-2019-0389

Published: Nov 13, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise.

Affected (6)

Products: Sap: Netweaver Application Server Java

Sap

1 product

Netweaver Application Server Java

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver Application Server Java	Version 7.1
Sap Netweaver Application Server Java	Version 7.2
Sap Netweaver Application Server Java	Version 7.31
Sap Netweaver Application Server Java	Version 7.3
Sap Netweaver Application Server Java	Version 7.4
Sap Netweaver Application Server Java	Version 7.5

References (4)

https://launchpad.support.sap.com/#/notes/2814357

Source: cna@sap.com

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2814357

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.