CVE-2019-0403

Published: Dec 11, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.

Affected (1)

Products: Sap: Enable Now

Sap

1 product

Enable Now

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Enable Now	Before 1911

Related CWEs

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

References (4)

https://launchpad.support.sap.com/#/notes/2845183

Source: cna@sap.com

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2845183

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.