Vulnerability-Lookup

CVE-2019-0386 (GCVE-0-2019-0386)

Vulnerability from cvelistv5 – Published: 2019-11-13 22:18 – Updated: 2024-08-04 17:51

Summary

Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges.

Severity ?

No CVSS data available.

CWE

Missing Authorization Check

Assigner

sap

References

URL

Tags

	https://wiki.scn.sap.com/wiki/pages/viewpage.acti…	x_refsource_MISC
	https://launchpad.support.sap.com/#/notes/2840520	x_refsource_MISC

Impacted products

Vendor

Product

Version

SAP SE

SAP ERP Sales (SAP_APPL)

Affected: < 6.0
Affected: < 6.02
Affected: < 6.03
Affected: < 6.04
Affected: < 6.05
Affected: < 6.06
Affected: < 6.16
Affected: < 6.17
Affected: < 6.18

SAP SE

S4HANA Sales (S4CORE)

Affected: < 1.0
Affected: < 1.01
Affected: < 1.02
Affected: < 1.03
Affected: < 1.04

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:51:26.373Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2840520"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP ERP Sales (SAP_APPL)",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 6.0"
            },
            {
              "status": "affected",
              "version": "\u003c 6.02"
            },
            {
              "status": "affected",
              "version": "\u003c 6.03"
            },
            {
              "status": "affected",
              "version": "\u003c 6.04"
            },
            {
              "status": "affected",
              "version": "\u003c 6.05"
            },
            {
              "status": "affected",
              "version": "\u003c 6.06"
            },
            {
              "status": "affected",
              "version": "\u003c 6.16"
            },
            {
              "status": "affected",
              "version": "\u003c 6.17"
            },
            {
              "status": "affected",
              "version": "\u003c 6.18"
            }
          ]
        },
        {
          "product": "S4HANA Sales (S4CORE)",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.0"
            },
            {
              "status": "affected",
              "version": "\u003c 1.01"
            },
            {
              "status": "affected",
              "version": "\u003c 1.02"
            },
            {
              "status": "affected",
              "version": "\u003c 1.03"
            },
            {
              "status": "affected",
              "version": "\u003c 1.04"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Missing Authorization Check",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-13T22:18:40.000Z",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/2840520"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2019-0386",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP ERP Sales (SAP_APPL)",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "6.0"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "6.02"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "6.03"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "6.04"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "6.05"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "6.06"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "6.16"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "6.17"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "6.18"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "S4HANA Sales (S4CORE)",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "1.0"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "1.01"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "1.02"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "1.03"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "1.04"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Missing Authorization Check"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390",
              "refsource": "MISC",
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2840520",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/2840520"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2019-0386",
    "datePublished": "2019-11-13T22:18:40.000Z",
    "dateReserved": "2018-11-26T00:00:00.000Z",
    "dateUpdated": "2024-08-04T17:51:26.373Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-0386",
      "date": "2026-04-26",
      "epss": "0.00251",
      "percentile": "0.48475"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:erp_sales:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA8AA5F5-48FB-4861-9970-0CEF9F622338\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:erp_sales:6.02:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFE66DFC-8C04-4FD9-BE8E-6102BCA7B602\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:erp_sales:6.03:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F1550E7-1311-4489-B1C8-BD75D7999EBD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:erp_sales:6.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79D51B57-3338-4508-84B9-CB3F34289B63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:erp_sales:6.05:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFC18609-56B8-41E4-85B2-16D0909683A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:erp_sales:6.06:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5F74985-B98E-4AF2-BA84-07697A489409\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:erp_sales:6.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F5DF40F-1913-4572-B24F-5E4A97C76213\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:erp_sales:6.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA99A1A3-C834-4A05-BB21-C879DBE4FE79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:erp_sales:6.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3BB1782-3CC0-4FA9-B621-8627A4273F06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:s4hana_sales:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8894393-BB86-49C2-8A7B-B12E67247C38\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:s4hana_sales:1.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1CDABB3-9855-4205-A0E8-27F457966CFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:s4hana_sales:1.02:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"280BC037-5CDC-4D75-8CE5-D531AA5179F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:s4hana_sales:1.03:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09B3E78F-B9BA-484E-B60D-807229DD21C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:s4hana_sales:1.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C5459A5-7B45-4A01-98AF-4D135FDE5487\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges.\"}, {\"lang\": \"es\", \"value\": \"El procesamiento de pedidos en SAP ERP Sales (corregido en SAP_APPL versiones 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) y S4HANA Sales (corregido en S4CORE versiones  1.0, 1.01, 1.02, 1.03, 1.04), no ejecuta la comprobaci\\u00f3n de autorizaci\\u00f3n requerida para un usuario autenticado, lo que puede resultar en una escalada de privilegios.\"}]",
      "id": "CVE-2019-0386",
      "lastModified": "2024-11-21T04:16:46.867",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-11-13T23:15:11.027",
      "references": "[{\"url\": \"https://launchpad.support.sap.com/#/notes/2840520\", \"source\": \"cna@sap.com\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390\", \"source\": \"cna@sap.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/2840520\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cna@sap.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-862\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-0386\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2019-11-13T23:15:11.027\",\"lastModified\":\"2024-11-21T04:16:46.867\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges.\"},{\"lang\":\"es\",\"value\":\"El procesamiento de pedidos en SAP ERP Sales (corregido en SAP_APPL versiones 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) y S4HANA Sales (corregido en S4CORE versiones  1.0, 1.01, 1.02, 1.03, 1.04), no ejecuta la comprobaci\u00f3n de autorizaci\u00f3n requerida para un usuario autenticado, lo que puede resultar en una escalada de privilegios.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:erp_sales:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA8AA5F5-48FB-4861-9970-0CEF9F622338\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:erp_sales:6.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFE66DFC-8C04-4FD9-BE8E-6102BCA7B602\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:erp_sales:6.03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F1550E7-1311-4489-B1C8-BD75D7999EBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:erp_sales:6.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79D51B57-3338-4508-84B9-CB3F34289B63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:erp_sales:6.05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFC18609-56B8-41E4-85B2-16D0909683A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:erp_sales:6.06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5F74985-B98E-4AF2-BA84-07697A489409\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:erp_sales:6.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F5DF40F-1913-4572-B24F-5E4A97C76213\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:erp_sales:6.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA99A1A3-C834-4A05-BB21-C879DBE4FE79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:erp_sales:6.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3BB1782-3CC0-4FA9-B621-8627A4273F06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:s4hana_sales:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8894393-BB86-49C2-8A7B-B12E67247C38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:s4hana_sales:1.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1CDABB3-9855-4205-A0E8-27F457966CFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:s4hana_sales:1.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"280BC037-5CDC-4D75-8CE5-D531AA5179F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:s4hana_sales:1.03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09B3E78F-B9BA-484E-B60D-807229DD21C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:s4hana_sales:1.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C5459A5-7B45-4A01-98AF-4D135FDE5487\"}]}]}],\"references\":[{\"url\":\"https://launchpad.support.sap.com/#/notes/2840520\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/2840520\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-WCF6-RGR3-QR83

Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2022-05-24 17:00

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-0386"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-13T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges.",
  "id": "GHSA-wcf6-rgr3-qr83",
  "modified": "2022-05-24T17:00:55Z",
  "published": "2022-05-24T17:00:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0386"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/2840520"
    },
    {
      "type": "WEB",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2019-0386

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-0386

Aliases

CVE-2019-0386

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-0386",
    "description": "Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges.",
    "id": "GSD-2019-0386"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-0386"
      ],
      "details": "Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges.",
      "id": "GSD-2019-0386",
      "modified": "2023-12-13T01:23:39.470821Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cna@sap.com",
        "ID": "CVE-2019-0386",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SAP ERP Sales (SAP_APPL)",
                    "version": {
                      "version_data": [
                        {
                          "version_name": "\u003c",
                          "version_value": "6.0"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "6.02"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "6.03"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "6.04"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "6.05"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "6.06"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "6.16"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "6.17"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "6.18"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "S4HANA Sales (S4CORE)",
                    "version": {
                      "version_data": [
                        {
                          "version_name": "\u003c",
                          "version_value": "1.0"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "1.01"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "1.02"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "1.03"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "1.04"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SAP SE"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Missing Authorization Check"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390",
            "refsource": "MISC",
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"
          },
          {
            "name": "https://launchpad.support.sap.com/#/notes/2840520",
            "refsource": "MISC",
            "url": "https://launchpad.support.sap.com/#/notes/2840520"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:erp_sales:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:erp_sales:6.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:erp_sales:6.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:erp_sales:6.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:erp_sales:6.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:erp_sales:6.06:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:erp_sales:6.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:erp_sales:6.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:erp_sales:6.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:s4hana_sales:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:s4hana_sales:1.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:s4hana_sales:1.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:s4hana_sales:1.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:s4hana_sales:1.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2019-0386"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-862"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2840520",
              "refsource": "MISC",
              "tags": [
                "Permissions Required",
                "Vendor Advisory"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2840520"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.4
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-11-13T23:15Z"
    }
  }
}

FKIE_CVE-2019-0386

Vulnerability from fkie_nvd - Published: 2019-11-13 23:15 - Updated: 2024-11-21 04:16

Severity ?

6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Summary

References

URL	Tags
cna@sap.com	https://launchpad.support.sap.com/#/notes/2840520	Permissions Required, Vendor Advisory
cna@sap.com	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://launchpad.support.sap.com/#/notes/2840520	Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390	Vendor Advisory

Impacted products

Vendor	Product	Version
sap	erp_sales	6.0
sap	erp_sales	6.02
sap	erp_sales	6.03
sap	erp_sales	6.04
sap	erp_sales	6.05
sap	erp_sales	6.06
sap	erp_sales	6.16
sap	erp_sales	6.17
sap	erp_sales	6.18
sap	s4hana_sales	1.0
sap	s4hana_sales	1.01
sap	s4hana_sales	1.02
sap	s4hana_sales	1.03
sap	s4hana_sales	1.04

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:erp_sales:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA8AA5F5-48FB-4861-9970-0CEF9F622338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:erp_sales:6.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFE66DFC-8C04-4FD9-BE8E-6102BCA7B602",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:erp_sales:6.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F1550E7-1311-4489-B1C8-BD75D7999EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:erp_sales:6.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "79D51B57-3338-4508-84B9-CB3F34289B63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:erp_sales:6.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFC18609-56B8-41E4-85B2-16D0909683A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:erp_sales:6.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5F74985-B98E-4AF2-BA84-07697A489409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:erp_sales:6.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F5DF40F-1913-4572-B24F-5E4A97C76213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:erp_sales:6.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA99A1A3-C834-4A05-BB21-C879DBE4FE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:erp_sales:6.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3BB1782-3CC0-4FA9-B621-8627A4273F06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:s4hana_sales:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8894393-BB86-49C2-8A7B-B12E67247C38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:s4hana_sales:1.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1CDABB3-9855-4205-A0E8-27F457966CFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:s4hana_sales:1.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "280BC037-5CDC-4D75-8CE5-D531AA5179F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:s4hana_sales:1.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "09B3E78F-B9BA-484E-B60D-807229DD21C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:s4hana_sales:1.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C5459A5-7B45-4A01-98AF-4D135FDE5487",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges."
    },
    {
      "lang": "es",
      "value": "El procesamiento de pedidos en SAP ERP Sales (corregido en SAP_APPL versiones 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) y S4HANA Sales (corregido en S4CORE versiones  1.0, 1.01, 1.02, 1.03, 1.04), no ejecuta la comprobaci\u00f3n de autorizaci\u00f3n requerida para un usuario autenticado, lo que puede resultar en una escalada de privilegios."
    }
  ],
  "id": "CVE-2019-0386",
  "lastModified": "2024-11-21T04:16:46.867",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-13T23:15:11.027",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2840520"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2840520"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

BDU:2020-00249

Vulnerability from fstec - Published: 12.11.2019

Title

Уязвимость программных средств планирования ресурсов предприятия SAP ERP Sales и S4HANA Sales, связанная с недостатками механизма авторизации, позволяющая нарушителю повысить свои привилегии

Description

Уязвимость программных средств планирования ресурсов предприятия SAP ERP Sales и S4HANA Sales связана с недостатками механизма авторизации. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, повысить свои привилегии

Severity ?


                    
                      AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Vendor

SAP

Software Name

ERP Sales, S4HANA Sales

Software Version

6.0 (ERP Sales), 6.02 (ERP Sales), 6.03 (ERP Sales), 6.04 (ERP Sales), 6.05 (ERP Sales), 6.06 (ERP Sales), 6.16 (ERP Sales), 6.17 (ERP Sales), 6.18 (ERP Sales), 1.0 (S4HANA Sales), 1.01 (S4HANA Sales), 1.02 (S4HANA Sales), 1.03 (S4HANA Sales), 1.04 (S4HANA Sales)

Possible Mitigations

Использование рекомендаций: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390

Reference

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390 https://nvd.nist.gov/vuln/detail/CVE-2019-0386

CWE

CWE-863

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "SAP",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "6.0 (ERP Sales), 6.02 (ERP Sales), 6.03 (ERP Sales), 6.04 (ERP Sales), 6.05 (ERP Sales), 6.06 (ERP Sales), 6.16 (ERP Sales), 6.17 (ERP Sales), 6.18 (ERP Sales), 1.0 (S4HANA Sales), 1.01 (S4HANA Sales), 1.02 (S4HANA Sales), 1.03 (S4HANA Sales), 1.04 (S4HANA Sales)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "12.11.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "27.01.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.01.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-00249",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-0386",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "ERP Sales, S4HANA Sales",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u044f\u0442\u0438\u044f SAP ERP Sales \u0438 S4HANA Sales, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u044f (CWE-863)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u044f\u0442\u0438\u044f SAP ERP Sales \u0438 S4HANA Sales \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0386",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-863",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,3)"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-0386 (GCVE-0-2019-0386)

GHSA-WCF6-RGR3-QR83

GSD-2019-0386

FKIE_CVE-2019-0386

BDU:2020-00249

Tags

Sightings

Nomenclature