Vulnerability Details CVE-2019-0257
Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.5%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://www.securityfocus.com/bid/106999
- https://launchpad.support.sap.com/#/notes/2728839
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943
- http://www.securityfocus.com/bid/106999
- https://launchpad.support.sap.com/#/notes/2728839
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943
Products affected by CVE-2019-0257
-
cpe:2.3:a:sap:netweaver_application_server_abap:7.0
-
cpe:2.3:a:sap:netweaver_application_server_abap:7.02
-
cpe:2.3:a:sap:netweaver_application_server_abap:7.30
-
cpe:2.3:a:sap:netweaver_application_server_abap:7.31
-
cpe:2.3:a:sap:netweaver_application_server_abap:7.40
-
cpe:2.3:a:sap:netweaver_application_server_abap:7.50
-
cpe:2.3:a:sap:netweaver_application_server_abap:7.51
-
cpe:2.3:a:sap:netweaver_application_server_abap:7.52
-
cpe:2.3:a:sap:netweaver_application_server_abap:7.53
-
cpe:2.3:a:sap:netweaver_as_abap:*