CVE-2019-0270 (GCVE-0-2019-0270)

Vulnerability from cvelistv5 – Published: 2019-03-12 22:00 – Updated: 2024-08-04 17:44
Summary
ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04.
Severity
No CVSS data available.
CWE
  • Missing Authorization Check
Assigner
sap
Impacted products
Vendor | Product | Version
SAP SE | ABAP Platform & Server (KRNL32NUC) | Affected: < 7.21, < 7.21EXT, < 7.22, < 7.22EXT
SAP SE | ABAP Platform & Server (KRNL32UC) | Affected: < 7.21, < 7.21EXT, < 7.22, < 7.22EXT
SAP SE | ABAP Platform & Server (KRNL64NUC) | Affected: < 7.21, < 7.21EXT, < 7.22, < 7.22EXT, < 7.49, < 7.74
SAP SE | ABAP Platform & Server (KRNL64UC) | Affected: < 7.21, < 7.21EXT, < 7.22, < 7.22EXT, < 7.49, < 7.73, < 7.74, < 8.04
SAP SE | ABAP Platform & Server (KERNEL) | Affected: < 7.21, < 7.45, < 7.49, < 7.53, < 7.73, < 7.74, < 7.75, < 8.04

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:44:16.340Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "107377",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107377"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2727689"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ABAP Platform \u0026 Server (KRNL32NUC)",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.21"
            },
            {
              "status": "affected",
              "version": "\u003c 7.21EXT"
            },
            {
              "status": "affected",
              "version": "\u003c 7.22"
            },
            {
              "status": "affected",
              "version": "\u003c 7.22EXT"
            }
          ]
        },
        {
          "product": "ABAP Platform \u0026 Server (KRNL32UC)",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.21"
            },
            {
              "status": "affected",
              "version": "\u003c 7.21EXT"
            },
            {
              "status": "affected",
              "version": "\u003c 7.22"
            },
            {
              "status": "affected",
              "version": "\u003c 7.22EXT"
            }
          ]
        },
        {
          "product": "ABAP Platform \u0026 Server (KRNL64NUC)",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.21"
            },
            {
              "status": "affected",
              "version": "\u003c 7.21EXT"
            },
            {
              "status": "affected",
              "version": "\u003c 7.22"
            },
            {
              "status": "affected",
              "version": "\u003c 7.22EXT"
            },
            {
              "status": "affected",
              "version": "\u003c 7.49"
            },
            {
              "status": "affected",
              "version": "\u003c 7.74"
            }
          ]
        },
        {
          "product": "ABAP Platform \u0026 Server (KRNL64UC)",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.21"
            },
            {
              "status": "affected",
              "version": "\u003c 7.21EXT"
            },
            {
              "status": "affected",
              "version": "\u003c 7.22"
            },
            {
              "status": "affected",
              "version": "\u003c 7.22EXT"
            },
            {
              "status": "affected",
              "version": "\u003c 7.49"
            },
            {
              "status": "affected",
              "version": "\u003c 7.73"
            },
            {
              "status": "affected",
              "version": "\u003c 7.74"
            },
            {
              "status": "affected",
              "version": "\u003c 8.04"
            }
          ]
        },
        {
          "product": "ABAP Platform \u0026 Server (KERNEL)",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.21"
            },
            {
              "status": "affected",
              "version": "\u003c 7.45"
            },
            {
              "status": "affected",
              "version": "\u003c 7.49"
            },
            {
              "status": "affected",
              "version": "\u003c 7.53"
            },
            {
              "status": "affected",
              "version": "\u003c 7.73"
            },
            {
              "status": "affected",
              "version": "\u003c 7.74"
            },
            {
              "status": "affected",
              "version": "\u003c 7.75"
            },
            {
              "status": "affected",
              "version": "\u003c 8.04"
            }
          ]
        }
      ],
      "datePublic": "2019-03-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Missing Authorization Check",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-14T09:57:01",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "name": "107377",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107377"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/2727689"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2019-0270",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ABAP Platform \u0026 Server (KRNL32NUC)",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "7.21"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.21EXT"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.22"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.22EXT"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ABAP Platform \u0026 Server (KRNL32UC)",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "7.21"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.21EXT"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.22"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.22EXT"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ABAP Platform \u0026 Server (KRNL64NUC)",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "7.21"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.21EXT"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.22"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.22EXT"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.49"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.74"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ABAP Platform \u0026 Server (KRNL64UC)",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "7.21"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.21EXT"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.22"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.22EXT"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.49"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.73"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.74"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "8.04"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ABAP Platform \u0026 Server (KERNEL)",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "7.21"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.45"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.49"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.53"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.73"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.74"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.75"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "8.04"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Missing Authorization Check"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "107377",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107377"
            },
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080",
              "refsource": "MISC",
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2727689",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/2727689"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2019-0270",
    "datePublished": "2019-03-12T22:00:00",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T17:44:16.340Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCC82D3B-082F-4557-9486-68BB961DF06A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8EBCD0F-ED63-4C55-9DB4-63DE8F0751CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D318512C-4F5F-47AD-9F85-1EACCCBF11C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.49:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2AFDC66-A5C4-4135-9A7F-1778B9DDF2EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.53:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CB213CC-4C71-4B3A-9D9F-C83594597447\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.73:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46C2954E-3626-4DC7-85CA-241B9E826337\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.74:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F72516A7-737D-407D-A483-E577993868FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.75:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3087F37A-8D4F-43AC-8E8E-EA7D5E5AF44C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:8.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D699689-AEC0-4A19-AC29-7AAE1E4EEA1F\"}, {\"vulnerable\": true, \"criteria\": 
\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED21DC1E-A53A-4E92-83F0-7455EBEFA3A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.21ext:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93910493-4A5E-4E14-B6FD-6A5B175AE664\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6B9301C-C221-4345-A006-DA7B12E93D1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.22ext:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A2B2EC5-A03F-4EBB-BCAF-526DE7EFE2BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"940B8331-6D22-418A-9D17-B14DAB035FE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.21ext:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D191560-7559-4D90-A593-261C4FD6458D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"01A83003-D709-4E48-8CBE-2AA40274ADA7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.22ext:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"471132DF-5B9A-4124-B75F-A09EA02C9CE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A50F5C48-173B-487A-8DD1-06A921E37602\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.21ext:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD2EBEA5-D698-4595-A654-DEA58C948C78\"}, {\"vulnerable\": true, 
\"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A901C3A0-E763-4133-9F1F-CDB5AE45A6E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.22ext:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE5B551B-0CD5-4800-9A0D-B5B36AD6BCCD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9CC9A5B1-F1B2-4804-BABD-2CAEA06BCC42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.21ext:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5D40A13-C630-4E43-A44B-76CAB09FF2C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26486715-DC64-4AC6-A60D-01254A75C19C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.22ext:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6953A3D-8BD4-45DA-A872-6222CB6C1B77\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.49:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C3A6702-3A41-4DA5-B705-AAC77A097AC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.73:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80296DDD-A3B9-4A7F-B831-DC064A85CE38\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.74:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9DFDC7BE-4A75-4C80-8A5C-79699062DB43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:8.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BCA6E11C-842E-468F-A3B6-34FF5315B8E7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04.\"}, {\"lang\": \"es\", \"value\": \"El servidor ABAP de SAP NetWeaver y ABAP Platform no realiza correctamente las comprobaciones de autorizaci\\u00f3n necesarias para un usuario autenticado, lo que resulta en un escalado de privilegios. Esto se ha solucionado en las siguientes versiones: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75 y 8.04.\"}]",
      "id": "CVE-2019-0270",
      "lastModified": "2024-11-21T04:16:36.713",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-03-12T22:29:00.427",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/107377\", \"source\": \"cna@sap.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/2727689\", \"source\": \"cna@sap.com\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080\", \"source\": \"cna@sap.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/107377\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/2727689\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cna@sap.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-862\"}]}]"
    }
  }
}







Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

