cvelistv5 - cve-2019-0257

CVE-2019-0257 (GCVE-0-2019-0257)

Vulnerability from cvelistv5 – Published: 2019-02-15 18:00 – Updated: 2024-08-04 17:44

Summary

Severity ?

No CVSS data available.

CWE

Missing Authorization Check

Assigner

sap

References

URL

Tags

	https://wiki.scn.sap.com/wiki/pages/viewpage.acti…	x_refsource_MISC
	https://launchpad.support.sap.com/#/notes/2728839	x_refsource_MISC
	http://www.securityfocus.com/bid/106999	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	SAP SE	ABAP Platform(SAP Basis)	Affected: < from 7.0 to 7.02 Affected: < from 7.10 to 7.11 Affected: < 7.30 Affected: < 7.31 Affected: < 7.40 Affected: < from 7.50 to 7.53 Affected: < from 7.74 to 7.75

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:44:16.190Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2728839"
          },
          {
            "name": "106999",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106999"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ABAP Platform(SAP Basis)",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c from 7.0 to 7.02"
            },
            {
              "status": "affected",
              "version": "\u003c from 7.10 to 7.11"
            },
            {
              "status": "affected",
              "version": "\u003c 7.30"
            },
            {
              "status": "affected",
              "version": "\u003c 7.31"
            },
            {
              "status": "affected",
              "version": "\u003c 7.40"
            },
            {
              "status": "affected",
              "version": "\u003c from 7.50 to 7.53"
            },
            {
              "status": "affected",
              "version": "\u003c from 7.74 to 7.75"
            }
          ]
        }
      ],
      "datePublic": "2019-02-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Missing Authorization Check",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-02-16T10:57:01",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/2728839"
        },
        {
          "name": "106999",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106999"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2019-0257",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ABAP Platform(SAP Basis)",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "from 7.0 to 7.02"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "from 7.10 to 7.11"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.30"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.31"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.40"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "from 7.50 to 7.53"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "from 7.74 to 7.75"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Missing Authorization Check"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943",
              "refsource": "MISC",
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2728839",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/2728839"
            },
            {
              "name": "106999",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106999"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2019-0257",
    "datePublished": "2019-02-15T18:00:00",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T17:44:16.190Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0\", \"versionEndIncluding\": \"7.02\", \"matchCriteriaId\": \"4998F531-ED39-46D4-BA62-466BD37C8873\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.50\", \"versionEndIncluding\": \"7.53\", \"matchCriteriaId\": \"C31EF66D-DB32-4352-8824-6630B8C61D47\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:7.30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB5E17A3-C1F1-4FB9-8AB2-347C0429E29A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:7.31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F65C175-29C0-4AC0-887F-46A222FAAF10\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:7.40:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0C8BB3C-64ED-456B-93A8-B18F30338BD6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_as_abap:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.10\", \"versionEndIncluding\": \"7.11\", \"matchCriteriaId\": \"01C3F7F6-3B1D-40C8-B305-8CEC6DEFA851\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_as_abap:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.74\", \"versionEndIncluding\": \"7.75\", \"matchCriteriaId\": \"341EDF6B-976B-46C4-BF35-CFB341C844F0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.\"}, {\"lang\": \"es\", \"value\": \"La funcionalidad de personalizaci\\u00f3n de SAP NetWeaver AS ABAP Platform (solucionado en versiones desde la 7.0 hasta la 7.02, desde la 7.10 hasta la 7.11, la 7.30, 7.31, 7.40, desde la 7.50 hasta la 7.53 y desde la 7.74 hasta la 7.75) no realiza las comprobaciones necesarias de autorizaci\\u00f3n para un usuario autenticado, lo que resulta en un escalado de privilegios.\"}]",
      "id": "CVE-2019-0257",
      "lastModified": "2024-11-21T04:16:35.483",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-02-15T18:29:01.037",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/106999\", \"source\": \"cna@sap.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/2728839\", \"source\": \"cna@sap.com\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943\", \"source\": \"cna@sap.com\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/106999\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/2728839\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "cna@sap.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-862\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-0257\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2019-02-15T18:29:01.037\",\"lastModified\":\"2024-11-21T04:16:35.483\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.\"},{\"lang\":\"es\",\"value\":\"La funcionalidad de personalizaci\u00f3n de SAP NetWeaver AS ABAP Platform (solucionado en versiones desde la 7.0 hasta la 7.02, desde la 7.10 hasta la 7.11, la 7.30, 7.31, 7.40, desde la 7.50 hasta la 7.53 y desde la 7.74 hasta la 7.75) no realiza las comprobaciones necesarias de autorizaci\u00f3n para un usuario autenticado, lo que resulta en un escalado de privilegios.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0\",\"versionEndIncluding\":\"7.02\",\"matchCriteriaId\":\"4998F531-ED39-46D4-BA62-466BD37C8873\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.50\",\"versionEndIncluding\":\"7.53\",\"matchCriteriaId\":\"C31EF66D-DB32-4352-8824-6630B8C61D47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:7.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB5E17A3-C1F1-4FB9-8AB2-347C0429E29A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:7.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F65C175-29C0-4AC0-887F-46A222FAAF10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:7.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0C8BB3C-64ED-456B-93A8-B18F30338BD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_as_abap:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.10\",\"versionEndIncluding\":\"7.11\",\"matchCriteriaId\":\"01C3F7F6-3B1D-40C8-B305-8CEC6DEFA851\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_as_abap:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.74\",\"versionEndIncluding\":\"7.75\",\"matchCriteriaId\":\"341EDF6B-976B-46C4-BF35-CFB341C844F0\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/106999\",\"source\":\"cna@sap.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/2728839\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943\",\"source\":\"cna@sap.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/106999\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/2728839\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2019-0257

Vulnerability from fkie_nvd - Published: 2019-02-15 18:29 - Updated: 2024-11-21 04:16

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cna@sap.com	http://www.securityfocus.com/bid/106999	Third Party Advisory, VDB Entry
cna@sap.com	https://launchpad.support.sap.com/#/notes/2728839	Permissions Required, Vendor Advisory
cna@sap.com	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/106999	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://launchpad.support.sap.com/#/notes/2728839	Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943	Broken Link, Vendor Advisory

Impacted products

Vendor	Product	Version
sap	netweaver_application_server_abap	*
sap	netweaver_application_server_abap	*
sap	netweaver_application_server_abap	7.30
sap	netweaver_application_server_abap	7.31
sap	netweaver_application_server_abap	7.40
sap	netweaver_as_abap	*
sap	netweaver_as_abap	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4998F531-ED39-46D4-BA62-466BD37C8873",
              "versionEndIncluding": "7.02",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C31EF66D-DB32-4352-8824-6630B8C61D47",
              "versionEndIncluding": "7.53",
              "versionStartIncluding": "7.50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB5E17A3-C1F1-4FB9-8AB2-347C0429E29A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F65C175-29C0-4AC0-887F-46A222FAAF10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C8BB3C-64ED-456B-93A8-B18F30338BD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_as_abap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01C3F7F6-3B1D-40C8-B305-8CEC6DEFA851",
              "versionEndIncluding": "7.11",
              "versionStartIncluding": "7.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_as_abap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "341EDF6B-976B-46C4-BF35-CFB341C844F0",
              "versionEndIncluding": "7.75",
              "versionStartIncluding": "7.74",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
    },
    {
      "lang": "es",
      "value": "La funcionalidad de personalizaci\u00f3n de SAP NetWeaver AS ABAP Platform (solucionado en versiones desde la 7.0 hasta la 7.02, desde la 7.10 hasta la 7.11, la 7.30, 7.31, 7.40, desde la 7.50 hasta la 7.53 y desde la 7.74 hasta la 7.75) no realiza las comprobaciones necesarias de autorizaci\u00f3n para un usuario autenticado, lo que resulta en un escalado de privilegios."
    }
  ],
  "id": "CVE-2019-0257",
  "lastModified": "2024-11-21T04:16:35.483",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-02-15T18:29:01.037",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106999"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2728839"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2728839"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201902-0717

Vulnerability from variot - Updated: 2022-09-21 22:23

Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. SAP NetWeaver AS ABAP Platform Contains an authorization vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SAP ABAP is prone to an authorization-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0717",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "sap",
        "version": "7.40"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "sap",
        "version": "7.31"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "sap",
        "version": "7.30"
      },
      {
        "model": "netweaver as abap",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.02"
      },
      {
        "model": "netweaver as abap",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.74"
      },
      {
        "model": "netweaver as abap",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.11"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.30"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.40"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.31"
      },
      {
        "model": "netweaver as abap",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.10"
      },
      {
        "model": "netweaver as abap",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.53"
      },
      {
        "model": "netweaver as abap",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.75"
      },
      {
        "model": "netweaver as abap",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.50"
      },
      {
        "model": "netweaver as abap",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.0"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "7.0 to  7.02"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "7.10 to  7.11"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "7.50 to  7.53"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "7.74 to  7.75"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.75"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.74"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.53"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.50"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.11"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.10"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.02"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001919"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0257"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:7.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.11",
                "versionStartIncluding": "7.10",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.02",
                "versionStartIncluding": "7.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:7.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:7.40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.75",
                "versionStartIncluding": "7.74",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.53",
                "versionStartIncluding": "7.50",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-0257"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP",
    "sources": [
      {
        "db": "BID",
        "id": "106999"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-522"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2019-0257",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2019-0257",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.8,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-0257",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-0257",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-0257",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201902-522",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001919"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-522"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0257"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. SAP NetWeaver AS ABAP Platform Contains an authorization vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SAP ABAP is prone to an authorization-bypass vulnerability. \nAttackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-0257"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001919"
      },
      {
        "db": "BID",
        "id": "106999"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-0257",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "106999",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001919",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-522",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001919"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-522"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0257"
      }
    ]
  },
  "id": "VAR-201902-0717",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.094017096
  },
  "last_update_date": "2022-09-21T22:23:59.889000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SAP Security Patch Day - February 2019",
        "trust": 0.8,
        "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=510922943"
      },
      {
        "title": "SAP ABAP Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89333"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001919"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-522"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-862",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-285",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001919"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0257"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/106999"
      },
      {
        "trust": 1.9,
        "url": "https://launchpad.support.sap.com/#/notes/2728839"
      },
      {
        "trust": 1.6,
        "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=510922943"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0257"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0257"
      },
      {
        "trust": 0.3,
        "url": "http://www.sap.com/"
      },
      {
        "trust": 0.3,
        "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=510922957"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001919"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-522"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0257"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "106999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001919"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-522"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0257"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-02-12T00:00:00",
        "db": "BID",
        "id": "106999"
      },
      {
        "date": "2019-03-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001919"
      },
      {
        "date": "2019-02-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-522"
      },
      {
        "date": "2019-02-15T18:29:00",
        "db": "NVD",
        "id": "CVE-2019-0257"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-02-12T00:00:00",
        "db": "BID",
        "id": "106999"
      },
      {
        "date": "2019-03-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001919"
      },
      {
        "date": "2020-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-522"
      },
      {
        "date": "2022-09-20T17:39:00",
        "db": "NVD",
        "id": "CVE-2019-0257"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-522"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP NetWeaver AS ABAP Platform Authorization vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001919"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-522"
      }
    ],
    "trust": 0.6
  }
}

GSD-2019-0257

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-0257

Aliases

CVE-2019-0257

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-0257",
    "description": "Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.",
    "id": "GSD-2019-0257"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-0257"
      ],
      "details": "Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.",
      "id": "GSD-2019-0257",
      "modified": "2023-12-13T01:23:39.435741Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cna@sap.com",
        "ID": "CVE-2019-0257",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ABAP Platform(SAP Basis)",
                    "version": {
                      "version_data": [
                        {
                          "version_name": "\u003c",
                          "version_value": "from 7.0 to 7.02"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "from 7.10 to 7.11"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "7.30"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "7.31"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "7.40"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "from 7.50 to 7.53"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "from 7.74 to 7.75"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SAP SE"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Missing Authorization Check"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943",
            "refsource": "MISC",
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
          },
          {
            "name": "https://launchpad.support.sap.com/#/notes/2728839",
            "refsource": "MISC",
            "url": "https://launchpad.support.sap.com/#/notes/2728839"
          },
          {
            "name": "106999",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/106999"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.11",
                "versionStartIncluding": "7.10",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.75",
                "versionStartIncluding": "7.74",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:7.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.02",
                "versionStartIncluding": "7.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:7.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:7.40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.53",
                "versionStartIncluding": "7.50",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2019-0257"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-862"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943",
              "refsource": "MISC",
              "tags": [
                "Broken Link",
                "Vendor Advisory"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2728839",
              "refsource": "MISC",
              "tags": [
                "Permissions Required",
                "Vendor Advisory"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2728839"
            },
            {
              "name": "106999",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/106999"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-10-05T14:17Z",
      "publishedDate": "2019-02-15T18:29Z"
    }
  }
}

CNVD-2020-22335

Vulnerability from cnvd - Published: 2020-04-12

Title

SAP ABAP存在未明漏洞

Description

SAP Netweaver是德国思爱普（SAP）公司的一套面向服务的集成化应用平台。该平台主要为SAP应用程序提供开发和运行环境。ABAP是一款运行于NetWeaver中且基于ABAP高级编程语言的应用服务器。 SAP ABAP存在未明漏洞。攻击者可利用该漏洞获取未授权的访问权限及敏感信息。

Severity

中

Patch Name

SAP ABAP存在未明漏洞的补丁

Patch Description

SAP Netweaver是德国思爱普（SAP）公司的一套面向服务的集成化应用平台。该平台主要为SAP应用程序提供开发和运行环境。ABAP是一款运行于NetWeaver中且基于ABAP高级编程语言的应用服务器。 SAP ABAP存在未明漏洞。攻击者可利用该漏洞获取未授权的访问权限及敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922957

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-0257

Impacted products

Name
['SAP ABAP >=7.00，<=7.02', 'SAP ABAP >=7.10，<=7.11', 'SAP ABAP 7.30', 'SAP ABAP 7.31', 'SAP ABAP 7.40', 'SAP ABAP >=7.50，<=7.53', 'SAP ABAP >=7.74，<=7.75']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-0257",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0257"
    }
  },
  "description": "SAP Netweaver\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u5957\u9762\u5411\u670d\u52a1\u7684\u96c6\u6210\u5316\u5e94\u7528\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u4e3b\u8981\u4e3aSAP\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u5f00\u53d1\u548c\u8fd0\u884c\u73af\u5883\u3002ABAP\u662f\u4e00\u6b3e\u8fd0\u884c\u4e8eNetWeaver\u4e2d\u4e14\u57fa\u4e8eABAP\u9ad8\u7ea7\u7f16\u7a0b\u8bed\u8a00\u7684\u5e94\u7528\u670d\u52a1\u5668\u3002\n\nSAP ABAP\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u672a\u6388\u6743\u7684\u8bbf\u95ee\u6743\u9650\u53ca\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922957",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-22335",
  "openTime": "2020-04-12",
  "patchDescription": "SAP Netweaver\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u5957\u9762\u5411\u670d\u52a1\u7684\u96c6\u6210\u5316\u5e94\u7528\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u4e3b\u8981\u4e3aSAP\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u5f00\u53d1\u548c\u8fd0\u884c\u73af\u5883\u3002ABAP\u662f\u4e00\u6b3e\u8fd0\u884c\u4e8eNetWeaver\u4e2d\u4e14\u57fa\u4e8eABAP\u9ad8\u7ea7\u7f16\u7a0b\u8bed\u8a00\u7684\u5e94\u7528\u670d\u52a1\u5668\u3002\r\n\r\nSAP ABAP\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u672a\u6388\u6743\u7684\u8bbf\u95ee\u6743\u9650\u53ca\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAP ABAP\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SAP ABAP \u003e=7.00\uff0c\u003c=7.02",
      "SAP ABAP \u003e=7.10\uff0c\u003c=7.11",
      "SAP ABAP 7.30",
      "SAP ABAP 7.31",
      "SAP ABAP 7.40",
      "SAP ABAP \u003e=7.50\uff0c\u003c=7.53",
      "SAP ABAP \u003e=7.74\uff0c\u003c=7.75"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-0257",
  "serverity": "\u4e2d",
  "submitTime": "2019-02-15",
  "title": "SAP ABAP\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

GHSA-XG34-8QVC-J4HH

Vulnerability from github – Published: 2022-05-13 01:21 – Updated: 2022-05-13 01:21

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-0257"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-15T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.",
  "id": "GHSA-xg34-8qvc-j4hh",
  "modified": "2022-05-13T01:21:12Z",
  "published": "2022-05-13T01:21:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0257"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/2728839"
    },
    {
      "type": "WEB",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106999"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-0257 (GCVE-0-2019-0257)

FKIE_CVE-2019-0257

VAR-201902-0717

GSD-2019-0257

CNVD-2020-22335

GHSA-XG34-8QVC-J4HH

Tags

Sightings

Nomenclature