CVE-2019-0255

Опубликовано: 15 фев. 2019

Источник: nvd

CVSS3: 8.1

CVSS2: 5.5

EPSS Низкий

Описание

SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'Easy Access Menu'. The situation can be misused by any user to leverage privileges to business functionality.

Ссылки

http://www.securityfocus.com/bid/106987
Third Party Advisory
VDB Entry
https://launchpad.support.sap.com/#/notes/2723570
Permissions Required
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943
Vendor Advisory
http://www.securityfocus.com/bid/106987
Third Party Advisory
VDB Entry
https://launchpad.support.sap.com/#/notes/2723570
Permissions Required
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.73:*:*:*:*:*:*:*

cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.74:*:*:*:*:*:*:*

cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.75.:*:*:*:*:*:*:*

cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.74:*:*:*:*:*:*:*

cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.73:*:*:*:*:*:*:*

cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.74:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.0034

Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-mxh7-rq99-375w

CVSS3: 8.1

github

больше 3 лет назад

BDU:2019-01366

CVSS3: 7.1

fstec

почти 7 лет назад

Уязвимость программной интеграционной платформы SAP NetWeaver, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю повысить свои привилегии