exploitDog

CVE-2019-0403

Опубликовано: 11 дек. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.

Ссылки

https://launchpad.support.sap.com/#/notes/2845183
Permissions Required
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397
Vendor Advisory
https://launchpad.support.sap.com/#/notes/2845183
Permissions Required
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:enable_now:*:*:*:*:*:*:*:*

Версия до 1911 (исключая)

EPSS

Процентиль: 91%

0.06684

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-1236

Связанные уязвимости

GHSA-jpvg-r6vh-56w3

github

больше 3 лет назад

SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.

EPSS

Процентиль: 91%

0.06684

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-1236