cvelistv5 - cve-2019-0328

CVE-2019-0328 (GCVE-0-2019-0328)

Vulnerability from cvelistv5 – Published: 2019-07-10 19:10 – Updated: 2024-08-04 17:44

Summary

Severity ?

No CVSS data available.

CWE

Code Injection

Assigner

sap

References

URL

Tags

	http://www.securityfocus.com/bid/109067	vdb-entryx_refsource_BID
	https://launchpad.support.sap.com/#/notes/2774489	x_refsource_MISC
	https://wiki.scn.sap.com/wiki/pages/viewpage.acti…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	SAP SE	SAP NetWeaver Process Integration ABAP tests (SAP Basis)	Affected: < 7.0 Affected: < 7.1 Affected: < 7.3 Affected: < 7.31 Affected: < 7.4 Affected: < 7.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:44:16.476Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "109067",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/109067"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2774489"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP NetWeaver Process Integration ABAP tests (SAP Basis)",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.0"
            },
            {
              "status": "affected",
              "version": "\u003c 7.1"
            },
            {
              "status": "affected",
              "version": "\u003c 7.3"
            },
            {
              "status": "affected",
              "version": "\u003c 7.31"
            },
            {
              "status": "affected",
              "version": "\u003c 7.4"
            },
            {
              "status": "affected",
              "version": "\u003c 7.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Code Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-10T19:10:42",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "name": "109067",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/109067"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/2774489"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2019-0328",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP NetWeaver Process Integration ABAP tests (SAP Basis)",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "7.0"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.1"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.3"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.31"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.4"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Code Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "109067",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/109067"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2774489",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/2774489"
            },
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575",
              "refsource": "CONFIRM",
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2019-0328",
    "datePublished": "2019-07-10T19:10:37",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T17:44:16.476Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_process_integration:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1785FB0A-AC85-4BFC-A9E2-41A9664D8DAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_process_integration:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6594C3CC-D474-4FB7-8B00-C6303EC6F254\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_process_integration:7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E23F15D6-6410-4255-9D96-D4795CCB33A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_process_integration:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A673172-AFA8-4613-9A1D-CC994395DB31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_process_integration:7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7482316A-99DB-48B2-ABEF-645BC92ACB01\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"587D81FB-B2ED-4184-9258-A38A18B36DC5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system.\"}, {\"lang\": \"es\", \"value\": \"ABAP Tests Modules (SAP Basis, versiones 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) de SAP NetWeaver Process Integration, permiten a un atacante la ejecuci\\u00f3n de comandos del sistema operativo con derechos privilegiados. Un atacante podr\\u00eda afectar la integridad y disponibilidad del sistema.\"}]",
      "id": "CVE-2019-0328",
      "lastModified": "2024-11-21T04:16:41.410",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-07-10T20:15:12.123",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/109067\", \"source\": \"cna@sap.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/2774489\", \"source\": \"cna@sap.com\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575\", \"source\": \"cna@sap.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/109067\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/2774489\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cna@sap.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-0328\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2019-07-10T20:15:12.123\",\"lastModified\":\"2024-11-21T04:16:41.410\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system.\"},{\"lang\":\"es\",\"value\":\"ABAP Tests Modules (SAP Basis, versiones 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) de SAP NetWeaver Process Integration, permiten a un atacante la ejecuci\u00f3n de comandos del sistema operativo con derechos privilegiados. Un atacante podr\u00eda afectar la integridad y disponibilidad del sistema.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_process_integration:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1785FB0A-AC85-4BFC-A9E2-41A9664D8DAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_process_integration:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6594C3CC-D474-4FB7-8B00-C6303EC6F254\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_process_integration:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E23F15D6-6410-4255-9D96-D4795CCB33A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_process_integration:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A673172-AFA8-4613-9A1D-CC994395DB31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_process_integration:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7482316A-99DB-48B2-ABEF-645BC92ACB01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"587D81FB-B2ED-4184-9258-A38A18B36DC5\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/109067\",\"source\":\"cna@sap.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/2774489\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/109067\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/2774489\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-MF36-XJQX-XW36

Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2024-04-04 01:14

Details

Severity ?

7.2 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-0328"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-10T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system.",
  "id": "GHSA-mf36-xjqx-xw36",
  "modified": "2024-04-04T01:14:33Z",
  "published": "2022-05-24T16:49:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0328"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/2774489"
    },
    {
      "type": "WEB",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/109067"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2019-25986

Vulnerability from cnvd - Published: 2019-08-05

Title

SAP NetWeaver Process Integration命令注入漏洞

Description

SAP Basis是一套内容管理系统。SAP NetWeaver Process Integration（PI）是德国思爱普（SAP）公司的一套SAP企业应用程序集成软件，是NetWeaver产品组的一个组件。该组件主要用于内部系统与外部的信息交换。 SAP NetWeaver PI中的ABAP Tests模块存在操作系统命令注入漏洞。该漏洞源于外部输入数据构造操作系统可执行命令过程中，网络系统或产品未正确过滤其中的特殊字符、命令等。攻击者可利用该漏洞执行非法操作系统命令。

Severity

高

Patch Name

SAP NetWeaver Process Integration命令注入漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-0328

Impacted products

Name
SAP NetWeaver Process Integration

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "109067"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-0328",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-0328"
    }
  },
  "description": "SAP Basis\u662f\u4e00\u5957\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\u3002SAP NetWeaver Process Integration\uff08PI\uff09\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u5957SAP\u4f01\u4e1a\u5e94\u7528\u7a0b\u5e8f\u96c6\u6210\u8f6f\u4ef6\uff0c\u662fNetWeaver\u4ea7\u54c1\u7ec4\u7684\u4e00\u4e2a\u7ec4\u4ef6\u3002\u8be5\u7ec4\u4ef6\u4e3b\u8981\u7528\u4e8e\u5185\u90e8\u7cfb\u7edf\u4e0e\u5916\u90e8\u7684\u4fe1\u606f\u4ea4\u6362\u3002\n\nSAP NetWeaver PI\u4e2d\u7684ABAP Tests\u6a21\u5757\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u64cd\u4f5c\u7cfb\u7edf\u53ef\u6267\u884c\u547d\u4ee4\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5b57\u7b26\u3001\u547d\u4ee4\u7b49\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002",
  "discovererName": "SAP",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-25986",
  "openTime": "2019-08-05",
  "patchDescription": "SAP Basis\u662f\u4e00\u5957\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\u3002SAP NetWeaver Process Integration\uff08PI\uff09\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u5957SAP\u4f01\u4e1a\u5e94\u7528\u7a0b\u5e8f\u96c6\u6210\u8f6f\u4ef6\uff0c\u662fNetWeaver\u4ea7\u54c1\u7ec4\u7684\u4e00\u4e2a\u7ec4\u4ef6\u3002\u8be5\u7ec4\u4ef6\u4e3b\u8981\u7528\u4e8e\u5185\u90e8\u7cfb\u7edf\u4e0e\u5916\u90e8\u7684\u4fe1\u606f\u4ea4\u6362\u3002\r\n\r\nSAP NetWeaver PI\u4e2d\u7684ABAP Tests\u6a21\u5757\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u64cd\u4f5c\u7cfb\u7edf\u53ef\u6267\u884c\u547d\u4ee4\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5b57\u7b26\u3001\u547d\u4ee4\u7b49\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAP NetWeaver Process Integration\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "SAP NetWeaver Process Integration"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-0328",
  "serverity": "\u9ad8",
  "submitTime": "2019-08-01",
  "title": "SAP NetWeaver Process Integration\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

GSD-2019-0328

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-0328

Aliases

CVE-2019-0328

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-0328",
    "description": "ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system.",
    "id": "GSD-2019-0328"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-0328"
      ],
      "details": "ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system.",
      "id": "GSD-2019-0328",
      "modified": "2023-12-13T01:23:39.466751Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cna@sap.com",
        "ID": "CVE-2019-0328",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SAP NetWeaver Process Integration ABAP tests (SAP Basis)",
                    "version": {
                      "version_data": [
                        {
                          "version_name": "\u003c",
                          "version_value": "7.0"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "7.1"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "7.3"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "7.31"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "7.4"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "7.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SAP SE"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Code Injection"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "109067",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/109067"
          },
          {
            "name": "https://launchpad.support.sap.com/#/notes/2774489",
            "refsource": "MISC",
            "url": "https://launchpad.support.sap.com/#/notes/2774489"
          },
          {
            "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575",
            "refsource": "CONFIRM",
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_process_integration:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_process_integration:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_process_integration:7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_process_integration:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_process_integration:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2019-0328"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://launchpad.support.sap.com/#/notes/2774489",
              "refsource": "MISC",
              "tags": [
                "Permissions Required",
                "Vendor Advisory"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2774489"
            },
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
            },
            {
              "name": "109067",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/109067"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-07-18T13:37Z",
      "publishedDate": "2019-07-10T20:15Z"
    }
  }
}

FKIE_CVE-2019-0328

Vulnerability from fkie_nvd - Published: 2019-07-10 20:15 - Updated: 2024-11-21 04:16

Severity ?

7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cna@sap.com	http://www.securityfocus.com/bid/109067	Third Party Advisory, VDB Entry
cna@sap.com	https://launchpad.support.sap.com/#/notes/2774489	Permissions Required, Vendor Advisory
cna@sap.com	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/109067	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://launchpad.support.sap.com/#/notes/2774489	Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575	Vendor Advisory

Impacted products

Vendor	Product	Version
sap	netweaver_process_integration	7.0
sap	netweaver_process_integration	7.1
sap	netweaver_process_integration	7.3
sap	netweaver_process_integration	7.4
sap	netweaver_process_integration	7.5
sap	netweaver_process_integration	7.31

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1785FB0A-AC85-4BFC-A9E2-41A9664D8DAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6594C3CC-D474-4FB7-8B00-C6303EC6F254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23F15D6-6410-4255-9D96-D4795CCB33A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A673172-AFA8-4613-9A1D-CC994395DB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7482316A-99DB-48B2-ABEF-645BC92ACB01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "587D81FB-B2ED-4184-9258-A38A18B36DC5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system."
    },
    {
      "lang": "es",
      "value": "ABAP Tests Modules (SAP Basis, versiones 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) de SAP NetWeaver Process Integration, permiten a un atacante la ejecuci\u00f3n de comandos del sistema operativo con derechos privilegiados. Un atacante podr\u00eda afectar la integridad y disponibilidad del sistema."
    }
  ],
  "id": "CVE-2019-0328",
  "lastModified": "2024-11-21T04:16:41.410",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-10T20:15:12.123",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/109067"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2774489"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/109067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2774489"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201907-1481

Vulnerability from variot - Updated: 2023-12-18 13:43

ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system. SAP NetWeaver Process Integration Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SAP NetWeaver Process Integration is prone to a code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201907-1481",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netweaver process integration",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "sap",
        "version": "7.5"
      },
      {
        "model": "netweaver process integration",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "sap",
        "version": "7.4"
      },
      {
        "model": "netweaver process integration",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "sap",
        "version": "7.31"
      },
      {
        "model": "netweaver process integration",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "sap",
        "version": "7.3"
      },
      {
        "model": "netweaver process integration",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "sap",
        "version": "7.1"
      },
      {
        "model": "netweaver process integration",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "sap",
        "version": "7.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "109067"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006505"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0328"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_process_integration:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_process_integration:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_process_integration:7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_process_integration:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_process_integration:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-0328"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP",
    "sources": [
      {
        "db": "BID",
        "id": "109067"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-457"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2019-0328",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2019-0328",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.2,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-0328",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-0328",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201907-457",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006505"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0328"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-457"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system. SAP NetWeaver Process Integration Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SAP NetWeaver Process Integration is prone to a code-injection vulnerability. \nAn attacker can exploit this issue to inject and execute arbitrary code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-0328"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006505"
      },
      {
        "db": "BID",
        "id": "109067"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-0328",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "109067",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006505",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-457",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "109067"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006505"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0328"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-457"
      }
    ]
  },
  "id": "VAR-201907-1481",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.15555556
  },
  "last_update_date": "2023-12-18T13:43:16.290000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SAP Security Patch Day - July 2019",
        "trust": 0.8,
        "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=523994575"
      },
      {
        "title": "SAP NetWeaver Process Integration Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=94596"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006505"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-457"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006505"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0328"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://launchpad.support.sap.com/#/notes/2774489"
      },
      {
        "trust": 1.9,
        "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=523994575"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/109067"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0328"
      },
      {
        "trust": 0.9,
        "url": "http://www.sap.com/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0328"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "109067"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006505"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0328"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-457"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "109067"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006505"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0328"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-457"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-09T00:00:00",
        "db": "BID",
        "id": "109067"
      },
      {
        "date": "2019-07-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006505"
      },
      {
        "date": "2019-07-10T20:15:12.123000",
        "db": "NVD",
        "id": "CVE-2019-0328"
      },
      {
        "date": "2019-07-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-457"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-09T00:00:00",
        "db": "BID",
        "id": "109067"
      },
      {
        "date": "2019-07-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006505"
      },
      {
        "date": "2019-07-18T13:37:49.993000",
        "db": "NVD",
        "id": "CVE-2019-0328"
      },
      {
        "date": "2019-07-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-457"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-457"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP NetWeaver Process Integration In  OS Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006505"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-457"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-0328 (GCVE-0-2019-0328)

GHSA-MF36-XJQX-XW36

CNVD-2019-25986

GSD-2019-0328

FKIE_CVE-2019-0328

VAR-201907-1481

Tags

Sightings

Nomenclature