CVE-2019-0389

Опубликовано: 13 нояб. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise.

Ссылки

https://launchpad.support.sap.com/#/notes/2814357
Permissions Required
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390
Vendor Advisory
https://launchpad.support.sap.com/#/notes/2814357
Permissions Required
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:netweaver_application_server_java:7.1:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_application_server_java:7.2:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_application_server_java:7.3:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_application_server_java:7.4:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_application_server_java:7.5:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_application_server_java:7.31:*:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.00457

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-77cc-2mff-5mxf

github

больше 3 лет назад

BDU:2020-00251