Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-mxh7-rq99-375w

Опубликовано: 14 мая 2022
Источник: github
Github: Не прошло ревью
CVSS3: 8.1

Описание

SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'Easy Access Menu'. The situation can be misused by any user to leverage privileges to business functionality.

SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'Easy Access Menu'. The situation can be misused by any user to leverage privileges to business functionality.

Ссылки

EPSS

Процентиль: 56%
0.0034
Низкий

8.1 High

CVSS3

CVE ID

CVE-2019-0255

Дефекты

CWE-20

Связанные уязвимости

nvd логотип

CVE-2019-0255

CVSS3: 8.1
nvd
почти 7 лет назад

SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'Easy Access Menu'. The situation can be misused by any user to leverage privileges to business functionality.

fstec логотип

BDU:2019-01366

CVSS3: 7.1
fstec
почти 7 лет назад

Уязвимость программной интеграционной платформы SAP NetWeaver, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 56%
0.0034
Низкий

8.1 High

CVSS3

CVE ID

CVE-2019-0255

Дефекты

CWE-20