CVE-2019-0351 (GCVE-0-2019-0351)

Vulnerability from cvelistv5 – Published: 2019-08-14 13:57 – Updated: 2024-08-04 17:44
VLAI?
Summary
A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the product to terminate.
Severity ?
No CVSS data available.
CWE
  • others
Assigner
sap
References
Impacted products
Vendor Product Version
SAP SE SAP NetWeaver UDDI Server (Services Registry) Affected: < 7.10
Affected: < 7.20
Affected: < 7.30
Affected: < 7.31
Affected: < 7.40
Affected: < 7.50
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:44:16.464Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2800779"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP NetWeaver UDDI Server (Services Registry)",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.10"
            },
            {
              "status": "affected",
              "version": "\u003c 7.20"
            },
            {
              "status": "affected",
              "version": "\u003c 7.30"
            },
            {
              "status": "affected",
              "version": "\u003c 7.31"
            },
            {
              "status": "affected",
              "version": "\u003c 7.40"
            },
            {
              "status": "affected",
              "version": "\u003c 7.50"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the product to terminate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "others",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-14T13:57:00",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/2800779"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2019-0351",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP NetWeaver UDDI Server (Services Registry)",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "7.10"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.20"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.30"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.31"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.40"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.50"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the product to terminate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "others"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017",
              "refsource": "MISC",
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2800779",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/2800779"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2019-0351",
    "datePublished": "2019-08-14T13:57:00",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T17:44:16.464Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDFFDB95-B956-4B22-81F4-A4074D49D4A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"53B11A3B-C559-428C-8946-7FD9FFBFA1BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"606EFE4F-57A4-44E2-A98D-F0867A658218\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FECD5E96-7669-4747-80D2-27F95BF420BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.40:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F019F7F5-7740-4BD4-850F-D7A1923C6200\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2B37045-2FB7-49BB-AE38-B84FAA6ADFB0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the product to terminate.\"}, {\"lang\": \"es\", \"value\": \"Se presenta una vulnerabilidad de ejecuci\\u00f3n de c\\u00f3digo remota en SAP NetWeaver UDDI Server (Services Registry), versiones 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Debido a esto, un atacante puede explotar el Services Registry potencialmente permiti\\u00e9ndoles tomar el control completo del producto, incluyendo visualizar, cambiar o eliminar datos mediante la inyecci\\u00f3n de c\\u00f3digo en la memoria de trabajo que posteriormente es ejecutada por la aplicaci\\u00f3n. Tambi\\u00e9n puede ser usada para causar un fallo general en el producto, provocando que el producto finalice.\"}]",
      "id": "CVE-2019-0351",
      "lastModified": "2024-11-21T04:16:43.777",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-08-14T14:15:16.807",
      "references": "[{\"url\": \"https://launchpad.support.sap.com/#/notes/2800779\", \"source\": \"cna@sap.com\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017\", \"source\": \"cna@sap.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/2800779\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cna@sap.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-0351\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2019-08-14T14:15:16.807\",\"lastModified\":\"2024-11-21T04:16:43.777\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the product to terminate.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en SAP NetWeaver UDDI Server (Services Registry), versiones 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Debido a esto, un atacante puede explotar el Services Registry potencialmente permiti\u00e9ndoles tomar el control completo del producto, incluyendo visualizar, cambiar o eliminar datos mediante la inyecci\u00f3n de c\u00f3digo en la memoria de trabajo que posteriormente es ejecutada por la aplicaci\u00f3n. Tambi\u00e9n puede ser usada para causar un fallo general en el producto, provocando que el producto finalice.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDFFDB95-B956-4B22-81F4-A4074D49D4A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53B11A3B-C559-428C-8946-7FD9FFBFA1BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"606EFE4F-57A4-44E2-A98D-F0867A658218\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FECD5E96-7669-4747-80D2-27F95BF420BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F019F7F5-7740-4BD4-850F-D7A1923C6200\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2B37045-2FB7-49BB-AE38-B84FAA6ADFB0\"}]}]}],\"references\":[{\"url\":\"https://launchpad.support.sap.com/#/notes/2800779\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/2800779\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.