cvelistv5 - cve-2019-0319

CVE-2019-0319 (GCVE-0-2019-0319)

Vulnerability from cvelistv5 – Published: 2019-07-10 18:51 – Updated: 2024-08-04 17:44

Summary

Severity ?

No CVSS data available.

CWE

Content Injection

Assigner

sap

References

URL

Tags

	http://www.securityfocus.com/bid/109074	vdb-entryx_refsource_BID
	https://launchpad.support.sap.com/#/notes/2752614	x_refsource_MISC
	https://wiki.scn.sap.com/wiki/pages/viewpage.acti…	x_refsource_CONFIRM
	https://cxsecurity.com/ascii/WLB-2019050283	x_refsource_MISC
	https://drive.google.com/open?id=1aGFqggvydehSK7M…	x_refsource_MISC
	http://packetstormsecurity.com/files/153661/SAPUI…	x_refsource_MISC
	https://launchpad.support.sap.com/#/notes/2911267	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	SAP SE	SAP Gateway	Affected: < 7.5 Affected: < 7.51 Affected: < 7.52 Affected: < 7.53

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:44:16.458Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "109074",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/109074"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2752614"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cxsecurity.com/ascii/WLB-2019050283"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2911267"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP Gateway",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.5"
            },
            {
              "status": "affected",
              "version": "\u003c 7.51"
            },
            {
              "status": "affected",
              "version": "\u003c 7.52"
            },
            {
              "status": "affected",
              "version": "\u003c 7.53"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Content Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-09T12:46:08",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "name": "109074",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/109074"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/2752614"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cxsecurity.com/ascii/WLB-2019050283"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/2911267"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2019-0319",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP Gateway",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "7.5"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.51"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.52"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.53"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Content Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "109074",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/109074"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2752614",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/2752614"
            },
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575",
              "refsource": "CONFIRM",
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
            },
            {
              "name": "https://cxsecurity.com/ascii/WLB-2019050283",
              "refsource": "MISC",
              "url": "https://cxsecurity.com/ascii/WLB-2019050283"
            },
            {
              "name": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f",
              "refsource": "MISC",
              "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
            },
            {
              "name": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2911267",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/2911267"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2019-0319",
    "datePublished": "2019-07-10T18:51:55",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T17:44:16.458Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:gateway:7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55156CCE-56A8-43FD-87C3-1A4849656FBD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:gateway:7.51:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1165027E-EAC9-4163-B2BC-0FD2E76D1665\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:gateway:7.52:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"014A32BF-E695-4382-AE81-0209846FA99D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:gateway:7.53:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E8220FC-05F3-4BE7-AF38-3BD917C5631A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:ui5:1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A38FF70-E888-4768-82A8-3A44620F1F6A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not.\"}, {\"lang\": \"es\", \"value\": \"SAP Gateway, versiones 7.5, 7.51, 7.52 y 7.53, permite a un atacante inyectar contenido que es desplegado en forma de mensaje de error. Por lo tanto, un atacante podr\\u00eda enga\\u00f1ar a un usuario para que crea que esta informaci\\u00f3n es de servicio leg\\u00edtimo cuando no lo es.\"}]",
      "id": "CVE-2019-0319",
      "lastModified": "2024-11-21T04:16:40.700",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-07-10T19:15:10.220",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html\", \"source\": \"cna@sap.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/109074\", \"source\": \"cna@sap.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://cxsecurity.com/ascii/WLB-2019050283\", \"source\": \"cna@sap.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f\", \"source\": \"cna@sap.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/2752614\", \"source\": \"cna@sap.com\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/2911267\", \"source\": \"cna@sap.com\"}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575\", \"source\": \"cna@sap.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/109074\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://cxsecurity.com/ascii/WLB-2019050283\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/2752614\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/2911267\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cna@sap.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-74\"}, {\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-0319\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2019-07-10T19:15:10.220\",\"lastModified\":\"2024-11-21T04:16:40.700\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not.\"},{\"lang\":\"es\",\"value\":\"SAP Gateway, versiones 7.5, 7.51, 7.52 y 7.53, permite a un atacante inyectar contenido que es desplegado en forma de mensaje de error. Por lo tanto, un atacante podr\u00eda enga\u00f1ar a un usuario para que crea que esta informaci\u00f3n es de servicio leg\u00edtimo cuando no lo es.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-74\"},{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:gateway:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55156CCE-56A8-43FD-87C3-1A4849656FBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:gateway:7.51:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1165027E-EAC9-4163-B2BC-0FD2E76D1665\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:gateway:7.52:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"014A32BF-E695-4382-AE81-0209846FA99D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:gateway:7.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E8220FC-05F3-4BE7-AF38-3BD917C5631A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:ui5:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A38FF70-E888-4768-82A8-3A44620F1F6A\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html\",\"source\":\"cna@sap.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/109074\",\"source\":\"cna@sap.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cxsecurity.com/ascii/WLB-2019050283\",\"source\":\"cna@sap.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f\",\"source\":\"cna@sap.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/2752614\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/2911267\",\"source\":\"cna@sap.com\"},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/109074\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cxsecurity.com/ascii/WLB-2019050283\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/2752614\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/2911267\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2020-AVI-350

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SAP	N/A	SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE) versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753 et 754
SAP	N/A	SAP Netweaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753 et 754
SAP	N/A	SAP SuccessFactors Recruiting version 2005
SAP	N/A	SAP Solution Manager (Problem Context Manager) version 7.2
SAP	N/A	SAP Liquidity Management for Banking version 6.2
SAP	N/A	.30, 7.31, 7.40 et 7.50
SAP	N/A	SAP ERP (Statutory Reporting for Insurance Companies) versions EA-FINSERV 600, 603, 604, 605, 606, 616, 617, 618 et 800; S4CORE 101, 102, 103 et 104
SAP	N/A	SAP Commerce (Data Hub) versions 6.7, 1808, 1811 et 1905
SAP	N/A	SAP Fiori pour SAP S/4HANA versions 200, 300, 400 et 500
SAP	N/A	SAP Business Objects Business Intelligence Platform version 4.2
SAP	N/A	SAP Gateway versions 7.40 et 2.00
SAP	N/A	SAP Business One (Backup service) versions 9.3,et 10.0
SAP	N/A	SAP NetWeaver AS ABAP (Banking Services) versions 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D et 75E
SAP	N/A	SAP Gateway versions 7.5, 7.51, 7.52 et 7.53
SAP	N/A	SAP Solution Manager (Trace Analysis) version 7.20
SAP	N/A	SAP Commerce versions 6.7, 1808, 1811 et 1905
SAP	SAP NetWeaver AS Java	SAP NetWeaver AS JAVA (P4 Protocol) versions SAP-JEECOR 7.00 et 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20,

References

Title

Publication Time

Tags

Bulletin de sécurité SAP 547426775 du 09 juin 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE) versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753 et 754",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Netweaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753 et 754",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP SuccessFactors Recruiting version 2005",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Solution Manager (Problem Context Manager) version 7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Liquidity Management for Banking version 6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": ".30, 7.31, 7.40 et 7.50",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP ERP (Statutory Reporting for Insurance Companies) versions EA-FINSERV 600, 603, 604, 605, 606, 616, 617, 618 et 800; S4CORE 101, 102, 103 et 104",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Commerce (Data Hub) versions 6.7, 1808, 1811 et 1905",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Fiori pour SAP S/4HANA versions 200, 300, 400 et 500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business Objects Business Intelligence Platform version 4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Gateway versions 7.40 et 2.00",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business One (Backup service) versions 9.3,et 10.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS ABAP (Banking Services) versions 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D et 75E",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Gateway versions 7.5, 7.51, 7.52 et 7.53",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Solution Manager (Trace Analysis) version 7.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Commerce versions 6.7, 1808, 1811 et 1905",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS JAVA (P4 Protocol) versions SAP-JEECOR 7.00 et 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20,",
      "product": {
        "name": "SAP NetWeaver AS Java",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-6266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6266"
    },
    {
      "name": "CVE-2020-6246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6246"
    },
    {
      "name": "CVE-2020-6263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6263"
    },
    {
      "name": "CVE-2020-6271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6271"
    },
    {
      "name": "CVE-2019-17571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
    },
    {
      "name": "CVE-2020-6268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6268"
    },
    {
      "name": "CVE-2019-0319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0319"
    },
    {
      "name": "CVE-2020-6264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6264"
    },
    {
      "name": "CVE-2020-6279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6279"
    },
    {
      "name": "CVE-2020-6269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6269"
    },
    {
      "name": "CVE-2020-6270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6270"
    },
    {
      "name": "CVE-2020-1938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1938"
    },
    {
      "name": "CVE-2020-6239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6239"
    },
    {
      "name": "CVE-2020-6275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6275"
    },
    {
      "name": "CVE-2020-6260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6260"
    },
    {
      "name": "CVE-2020-6265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6265"
    },
    {
      "name": "CVE-2018-1000632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000632"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-350",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-06-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SAP 547426775 du 09 juin 2020",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775"
    }
  ]
}

CERTFR-2020-AVI-350

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SAP	N/A	SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE) versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753 et 754
SAP	N/A	SAP Netweaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753 et 754
SAP	N/A	SAP SuccessFactors Recruiting version 2005
SAP	N/A	SAP Solution Manager (Problem Context Manager) version 7.2
SAP	N/A	SAP Liquidity Management for Banking version 6.2
SAP	N/A	.30, 7.31, 7.40 et 7.50
SAP	N/A	SAP ERP (Statutory Reporting for Insurance Companies) versions EA-FINSERV 600, 603, 604, 605, 606, 616, 617, 618 et 800; S4CORE 101, 102, 103 et 104
SAP	N/A	SAP Commerce (Data Hub) versions 6.7, 1808, 1811 et 1905
SAP	N/A	SAP Fiori pour SAP S/4HANA versions 200, 300, 400 et 500
SAP	N/A	SAP Business Objects Business Intelligence Platform version 4.2
SAP	N/A	SAP Gateway versions 7.40 et 2.00
SAP	N/A	SAP Business One (Backup service) versions 9.3,et 10.0
SAP	N/A	SAP NetWeaver AS ABAP (Banking Services) versions 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D et 75E
SAP	N/A	SAP Gateway versions 7.5, 7.51, 7.52 et 7.53
SAP	N/A	SAP Solution Manager (Trace Analysis) version 7.20
SAP	N/A	SAP Commerce versions 6.7, 1808, 1811 et 1905
SAP	SAP NetWeaver AS Java	SAP NetWeaver AS JAVA (P4 Protocol) versions SAP-JEECOR 7.00 et 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20,

References

Title

Publication Time

Tags

Bulletin de sécurité SAP 547426775 du 09 juin 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE) versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753 et 754",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Netweaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753 et 754",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP SuccessFactors Recruiting version 2005",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Solution Manager (Problem Context Manager) version 7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Liquidity Management for Banking version 6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": ".30, 7.31, 7.40 et 7.50",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP ERP (Statutory Reporting for Insurance Companies) versions EA-FINSERV 600, 603, 604, 605, 606, 616, 617, 618 et 800; S4CORE 101, 102, 103 et 104",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Commerce (Data Hub) versions 6.7, 1808, 1811 et 1905",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Fiori pour SAP S/4HANA versions 200, 300, 400 et 500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business Objects Business Intelligence Platform version 4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Gateway versions 7.40 et 2.00",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business One (Backup service) versions 9.3,et 10.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS ABAP (Banking Services) versions 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D et 75E",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Gateway versions 7.5, 7.51, 7.52 et 7.53",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Solution Manager (Trace Analysis) version 7.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Commerce versions 6.7, 1808, 1811 et 1905",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS JAVA (P4 Protocol) versions SAP-JEECOR 7.00 et 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20,",
      "product": {
        "name": "SAP NetWeaver AS Java",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-6266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6266"
    },
    {
      "name": "CVE-2020-6246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6246"
    },
    {
      "name": "CVE-2020-6263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6263"
    },
    {
      "name": "CVE-2020-6271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6271"
    },
    {
      "name": "CVE-2019-17571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
    },
    {
      "name": "CVE-2020-6268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6268"
    },
    {
      "name": "CVE-2019-0319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0319"
    },
    {
      "name": "CVE-2020-6264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6264"
    },
    {
      "name": "CVE-2020-6279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6279"
    },
    {
      "name": "CVE-2020-6269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6269"
    },
    {
      "name": "CVE-2020-6270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6270"
    },
    {
      "name": "CVE-2020-1938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1938"
    },
    {
      "name": "CVE-2020-6239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6239"
    },
    {
      "name": "CVE-2020-6275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6275"
    },
    {
      "name": "CVE-2020-6260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6260"
    },
    {
      "name": "CVE-2020-6265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6265"
    },
    {
      "name": "CVE-2018-1000632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000632"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-350",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-06-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SAP 547426775 du 09 juin 2020",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775"
    }
  ]
}

FKIE_CVE-2019-0319

Vulnerability from fkie_nvd - Published: 2019-07-10 19:15 - Updated: 2024-11-21 04:16

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
cna@sap.com	http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html	Exploit, Third Party Advisory
cna@sap.com	http://www.securityfocus.com/bid/109074	Third Party Advisory, VDB Entry
cna@sap.com	https://cxsecurity.com/ascii/WLB-2019050283	Third Party Advisory
cna@sap.com	https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f	Exploit, Third Party Advisory
cna@sap.com	https://launchpad.support.sap.com/#/notes/2752614	Permissions Required, Vendor Advisory
cna@sap.com	https://launchpad.support.sap.com/#/notes/2911267
cna@sap.com	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/109074	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://cxsecurity.com/ascii/WLB-2019050283	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://launchpad.support.sap.com/#/notes/2752614	Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://launchpad.support.sap.com/#/notes/2911267
af854a3a-2127-422b-91ae-364da2661108	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575	Vendor Advisory

Impacted products

Vendor	Product	Version
sap	gateway	7.5
sap	gateway	7.51
sap	gateway	7.52
sap	gateway	7.53
sap	ui5	1.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:gateway:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "55156CCE-56A8-43FD-87C3-1A4849656FBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:gateway:7.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "1165027E-EAC9-4163-B2BC-0FD2E76D1665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:gateway:7.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "014A32BF-E695-4382-AE81-0209846FA99D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:gateway:7.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E8220FC-05F3-4BE7-AF38-3BD917C5631A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:ui5:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A38FF70-E888-4768-82A8-3A44620F1F6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not."
    },
    {
      "lang": "es",
      "value": "SAP Gateway, versiones 7.5, 7.51, 7.52 y 7.53, permite a un atacante inyectar contenido que es desplegado en forma de mensaje de error. Por lo tanto, un atacante podr\u00eda enga\u00f1ar a un usuario para que crea que esta informaci\u00f3n es de servicio leg\u00edtimo cuando no lo es."
    }
  ],
  "id": "CVE-2019-0319",
  "lastModified": "2024-11-21T04:16:40.700",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-10T19:15:10.220",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/109074"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cxsecurity.com/ascii/WLB-2019050283"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2752614"
    },
    {
      "source": "cna@sap.com",
      "url": "https://launchpad.support.sap.com/#/notes/2911267"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/109074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cxsecurity.com/ascii/WLB-2019050283"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2752614"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://launchpad.support.sap.com/#/notes/2911267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        },
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2019-0319

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-0319

Aliases

CVE-2019-0319

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-0319",
    "description": "The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not.",
    "id": "GSD-2019-0319"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-0319"
      ],
      "details": "The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not.",
      "id": "GSD-2019-0319",
      "modified": "2023-12-13T01:23:39.449868Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cna@sap.com",
        "ID": "CVE-2019-0319",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SAP Gateway",
                    "version": {
                      "version_data": [
                        {
                          "version_name": "\u003c",
                          "version_value": "7.5"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "7.51"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "7.52"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "7.53"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SAP SE"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Content Injection"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "109074",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/109074"
          },
          {
            "name": "https://launchpad.support.sap.com/#/notes/2752614",
            "refsource": "MISC",
            "url": "https://launchpad.support.sap.com/#/notes/2752614"
          },
          {
            "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575",
            "refsource": "CONFIRM",
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
          },
          {
            "name": "https://cxsecurity.com/ascii/WLB-2019050283",
            "refsource": "MISC",
            "url": "https://cxsecurity.com/ascii/WLB-2019050283"
          },
          {
            "name": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f",
            "refsource": "MISC",
            "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
          },
          {
            "name": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
          },
          {
            "name": "https://launchpad.support.sap.com/#/notes/2911267",
            "refsource": "MISC",
            "url": "https://launchpad.support.sap.com/#/notes/2911267"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:ui5:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:gateway:7.51:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:gateway:7.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:gateway:7.52:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:gateway:7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2019-0319"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                },
                {
                  "lang": "en",
                  "value": "CWE-74"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "109074",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/109074"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2752614",
              "refsource": "MISC",
              "tags": [
                "Permissions Required",
                "Vendor Advisory"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2752614"
            },
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
            },
            {
              "name": "https://cxsecurity.com/ascii/WLB-2019050283",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://cxsecurity.com/ascii/WLB-2019050283"
            },
            {
              "name": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
            },
            {
              "name": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2911267",
              "refsource": "MISC",
              "tags": [],
              "url": "https://launchpad.support.sap.com/#/notes/2911267"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-07-10T19:15Z"
    }
  }
}

CNVD-2020-04338

Vulnerability from cnvd - Published: 2020-02-08

Title

SAP Gateway注入漏洞

Description

SAP Gateway是德国思爱普（SAP）公司的一款基于开放标准的框架。该产品支持非SAP应用程序连接到SAP应用程序，还可连接和访问移动设备上的SAP应用程序。 SAP Gateway存在注入漏洞，该漏洞源于程序未正确过滤用户提交的输入。攻击者可利用该漏洞注入内容并以错误消息的形式显示给用户。

Severity

中

Patch Name

SAP Gateway注入漏洞的补丁

Patch Description

SAP Gateway是德国思爱普（SAP）公司的一款基于开放标准的框架。该产品支持非SAP应用程序连接到SAP应用程序，还可连接和访问移动设备上的SAP应用程序。 SAP Gateway存在注入漏洞，该漏洞源于程序未正确过滤用户提交的输入。攻击者可利用该漏洞注入内容并以错误消息的形式显示给用户。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-0319

Impacted products

Name
['SAP Gateway 7.5', 'SAP Gateway 7.51', 'SAP Gateway 7.52', 'SAP Gateway 7.53']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "109074"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-0319",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-0319"
    }
  },
  "description": "SAP Gateway\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8e\u5f00\u653e\u6807\u51c6\u7684\u6846\u67b6\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u975eSAP\u5e94\u7528\u7a0b\u5e8f\u8fde\u63a5\u5230SAP\u5e94\u7528\u7a0b\u5e8f\uff0c\u8fd8\u53ef\u8fde\u63a5\u548c\u8bbf\u95ee\u79fb\u52a8\u8bbe\u5907\u4e0a\u7684SAP\u5e94\u7528\u7a0b\u5e8f\u3002\n\nSAP Gateway\u5b58\u5728\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u6b63\u786e\u8fc7\u6ee4\u7528\u6237\u63d0\u4ea4\u7684\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u5185\u5bb9\u5e76\u4ee5\u9519\u8bef\u6d88\u606f\u7684\u5f62\u5f0f\u663e\u793a\u7ed9\u7528\u6237\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-04338",
  "openTime": "2020-02-08",
  "patchDescription": "SAP Gateway\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8e\u5f00\u653e\u6807\u51c6\u7684\u6846\u67b6\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u975eSAP\u5e94\u7528\u7a0b\u5e8f\u8fde\u63a5\u5230SAP\u5e94\u7528\u7a0b\u5e8f\uff0c\u8fd8\u53ef\u8fde\u63a5\u548c\u8bbf\u95ee\u79fb\u52a8\u8bbe\u5907\u4e0a\u7684SAP\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nSAP Gateway\u5b58\u5728\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u6b63\u786e\u8fc7\u6ee4\u7528\u6237\u63d0\u4ea4\u7684\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u5185\u5bb9\u5e76\u4ee5\u9519\u8bef\u6d88\u606f\u7684\u5f62\u5f0f\u663e\u793a\u7ed9\u7528\u6237\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAP Gateway\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SAP Gateway 7.5",
      "SAP Gateway 7.51",
      "SAP Gateway 7.52",
      "SAP Gateway 7.53"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-0319",
  "serverity": "\u4e2d",
  "submitTime": "2019-07-16",
  "title": "SAP Gateway\u6ce8\u5165\u6f0f\u6d1e"
}

GHSA-RCW5-8M8M-5JCG

Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2024-04-04 01:14

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-0319"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-74"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-10T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not.",
  "id": "GHSA-rcw5-8m8m-5jcg",
  "modified": "2024-04-04T01:14:26Z",
  "published": "2022-05-24T16:49:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0319"
    },
    {
      "type": "WEB",
      "url": "https://cxsecurity.com/ascii/WLB-2019050283"
    },
    {
      "type": "WEB",
      "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/2752614"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/2911267"
    },
    {
      "type": "WEB",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/109074"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201907-1475

Vulnerability from variot - Updated: 2023-12-18 13:52

The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not. SAP Gateway Contains an injection vulnerability.Information may be altered. SAP Gateway is prone to a content injection vulnerability because the application fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied content to be passed in context of the affected application ; Other attacks are also possible. The product supports non-SAP applications to connect to SAP applications, and can also connect and access SAP applications on mobile devices.

[VulnerabilityType Other] Content Spoofing

[Vendor of Product] SAP

[Affected Product] SAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53

[PoC] Tested in SAPUI5 1.0.0 PoC:

https://sapmobile.target.com/sap/opu/odata/UI2/INTEROP/PersContainers(category='P ',id='flp.settings.FlpSettings')?$expand=PersContainerItemsu1kpa_HACKED_&sap-cache-id=D49C673A8D0D275477C7CD1FBFA3EE31

[Attack Type] Remote

[Reference] https://capec.mitre.org/data/definitions/148.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0319

[Discoverer] Offensive0Labs - Rafael Fontes Souza

References below: "SAP Product Security Response Team seg, 8 de jul 04:33 (há 6 dias) para eu, SAP

Hello Rafael,

We are pleased to inform you that we are releasing the following security note on July Patch Day 2019:

Sec Incident ID(s) 1870475251

Security Note 2752614

Security Note Title [CVE-2019-0319] Content Injection Vulnerability in SAP Gateway

Advisory Plan Date 10/09/2019

Delivery date of fix/Patch Day 07/09/2019

CVSS Base Score 4.3

CVSS Base Vector NLNR | U | NLN

Credits go to:

Offensive0Labs, Rafael Fontes Souza

*Notes will be visible to customers on 9th of July 2019.

https://wiki.scn.sap.com/wiki/display/PSR/Acknowledgments+to+Security+Researchers

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201907-1475",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "gateway",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sap",
        "version": "7.5"
      },
      {
        "model": "gateway",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sap",
        "version": "7.51"
      },
      {
        "model": "gateway",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sap",
        "version": "7.52"
      },
      {
        "model": "gateway",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sap",
        "version": "7.53"
      },
      {
        "model": "ui5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "1.0.0"
      },
      {
        "model": "sapui5",
        "scope": null,
        "trust": 0.8,
        "vendor": "sap",
        "version": null
      },
      {
        "model": "netweaver gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.53"
      },
      {
        "model": "netweaver gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.52"
      },
      {
        "model": "netweaver gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.51"
      },
      {
        "model": "netweaver gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "109074"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006514"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0319"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:ui5:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:gateway:7.51:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:gateway:7.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:gateway:7.52:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:gateway:7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-0319"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP,Rafael Fontes Souza",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-462"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-0319",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-0319",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-140350",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-0319",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-0319",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201907-462",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-140350",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-140350"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006514"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0319"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-462"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not. SAP Gateway Contains an injection vulnerability.Information may be altered. SAP Gateway is prone to a content injection vulnerability because the application fails to properly sanitize user-supplied input. \nSuccessful exploits will allow attacker-supplied content to be passed in context of the affected application ; Other attacks are also possible. The product supports non-SAP applications to connect to SAP applications, and can also connect and access SAP applications on mobile devices. \n\n------------------------------------------\n\n[VulnerabilityType Other]\nContent Spoofing\n\n------------------------------------------\n\n[Vendor of Product]\nSAP\n\n------------------------------------------\n\n[Affected Product]\nSAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53\n\n------------------------------------------\n\n[PoC]\nTested in SAPUI5 1.0.0\nPoC:\n\nhttps://sapmobile.target.com/sap/opu/odata/UI2/INTEROP/PersContainers(category=\u0027P\n\u0027,id=\u0027flp.settings.FlpSettings\u0027)?$expand=PersContainerItemsu1kpa_HACKED_\u0026sap-cache-id=D49C673A8D0D275477C7CD1FBFA3EE31\n\n------------------------------------------\n\n[Attack Type]\nRemote\n\n------------------------------------------\n\n[Reference]\nhttps://capec.mitre.org/data/definitions/148.html\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0319\n------------------------------------------\n\n[Discoverer]\nOffensive0Labs - Rafael Fontes Souza\n\n\n\n\nReferences below:\n\"SAP Product Security Response Team\nseg, 8 de jul 04:33 (h\u00e1 6 dias)\npara eu, SAP\n\nHello Rafael,\n\nWe are pleased to inform you that we are releasing the following security\nnote on July Patch Day 2019:\n\nSec Incident ID(s)  1870475251\n\nSecurity Note   2752614\n\nSecurity Note Title  [CVE-2019-0319] Content Injection Vulnerability in SAP\nGateway\n\nAdvisory Plan Date  10/09/2019\n\nDelivery date of fix/Patch Day  07/09/2019\n\nCVSS Base Score  4.3\n\nCVSS Base Vector  NLNR | U | NLN\n\nCredits go to:\n\nOffensive0Labs, Rafael Fontes Souza\n\n*Notes will be visible to customers on 9th of July 2019. \n\nhttps://wiki.scn.sap.com/wiki/display/PSR/Acknowledgments+to+Security+Researchers\n\n\"\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-0319"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006514"
      },
      {
        "db": "BID",
        "id": "109074"
      },
      {
        "db": "VULHUB",
        "id": "VHN-140350"
      },
      {
        "db": "PACKETSTORM",
        "id": "153661"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-0319",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "109074",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "153661",
        "trust": 1.8
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2019050283",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006514",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-462",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-04338",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-140350",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-140350"
      },
      {
        "db": "BID",
        "id": "109074"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006514"
      },
      {
        "db": "PACKETSTORM",
        "id": "153661"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0319"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-462"
      }
    ]
  },
  "id": "VAR-201907-1475",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-140350"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:52:15.845000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SAP Security Patch Day - July 2019",
        "trust": 0.8,
        "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=523994575"
      },
      {
        "title": "SAP Gateway Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=94601"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006514"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-462"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-74",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-79",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-140350"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006514"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0319"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://packetstormsecurity.com/files/153661/sapui5-1.0.0-sap-gateway-7.5-7.51-7.52-7.53-content-spoofing.html"
      },
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/109074"
      },
      {
        "trust": 2.0,
        "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=523994575"
      },
      {
        "trust": 2.0,
        "url": "https://launchpad.support.sap.com/#/notes/2752614"
      },
      {
        "trust": 1.7,
        "url": "https://cxsecurity.com/ascii/wlb-2019050283"
      },
      {
        "trust": 1.7,
        "url": "https://drive.google.com/open?id=1agfqggvydehsk7mfisfkw7to60yif55f"
      },
      {
        "trust": 1.7,
        "url": "https://launchpad.support.sap.com/#/notes/2911267"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0319"
      },
      {
        "trust": 0.9,
        "url": "http://www.sap.com/"
      },
      {
        "trust": 0.9,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0319"
      },
      {
        "trust": 0.1,
        "url": "https://wiki.scn.sap.com/wiki/display/psr/acknowledgments+to+security+researchers"
      },
      {
        "trust": 0.1,
        "url": "https://capec.mitre.org/data/definitions/148.html"
      },
      {
        "trust": 0.1,
        "url": "https://sapmobile.target.com/sap/opu/odata/ui2/interop/perscontainers(category=\u0027p"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-140350"
      },
      {
        "db": "BID",
        "id": "109074"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006514"
      },
      {
        "db": "PACKETSTORM",
        "id": "153661"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0319"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-462"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-140350"
      },
      {
        "db": "BID",
        "id": "109074"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006514"
      },
      {
        "db": "PACKETSTORM",
        "id": "153661"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0319"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-462"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-140350"
      },
      {
        "date": "2019-07-09T00:00:00",
        "db": "BID",
        "id": "109074"
      },
      {
        "date": "2019-07-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006514"
      },
      {
        "date": "2019-07-16T02:22:22",
        "db": "PACKETSTORM",
        "id": "153661"
      },
      {
        "date": "2019-07-10T19:15:10.220000",
        "db": "NVD",
        "id": "CVE-2019-0319"
      },
      {
        "date": "2019-07-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-462"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-140350"
      },
      {
        "date": "2019-07-09T00:00:00",
        "db": "BID",
        "id": "109074"
      },
      {
        "date": "2019-07-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006514"
      },
      {
        "date": "2020-08-24T17:37:01.140000",
        "db": "NVD",
        "id": "CVE-2019-0319"
      },
      {
        "date": "2020-06-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-462"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-462"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP Gateway Vulnerability in injection",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006514"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-462"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-0319 (GCVE-0-2019-0319)

CERTFR-2020-AVI-350

Solution

CERTFR-2020-AVI-350

Solution

FKIE_CVE-2019-0319

GSD-2019-0319

CNVD-2020-04338

GHSA-RCW5-8M8M-5JCG

VAR-201907-1475

Tags

Sightings

Nomenclature