Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/106999 | Third Party Advisory VDB Entry |
https://launchpad.support.sap.com/#/notes/2728839 | Permissions Required Vendor Advisory |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943 | Broken Link Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
05 Oct 2022, 14:17
Type | Values Removed | Values Added |
---|---|---|
First Time |
Sap netweaver Application Server Abap
|
|
CPE | cpe:2.3:a:sap:netweaver_as_abap:7.30:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap:7.31:*:*:*:*:*:*:* |
cpe:2.3:a:sap:netweaver_application_server_abap:7.40:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:7.31:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:7.30:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:*:*:*:*:*:*:*:* |
20 Sep 2022, 17:39
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:sap:netweaver_abap:7.31:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_abap:7.40:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_abap:7.30:*:*:*:*:*:*:* |
cpe:2.3:a:sap:netweaver_as_abap:*:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap:7.31:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap:7.30:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap:7.40:*:*:*:*:*:*:* |
References | (BID) http://www.securityfocus.com/bid/106999 - Third Party Advisory, VDB Entry | |
References | (MISC) https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943 - Broken Link, Vendor Advisory | |
First Time |
Sap netweaver As Abap
|
Information
Published : 2019-02-15 18:29
Updated : 2023-12-10 12:44
NVD link : CVE-2019-0257
Mitre link : CVE-2019-0257
CVE.ORG link : CVE-2019-0257
JSON object : View
Products Affected
sap
- netweaver_application_server_abap
- netweaver_as_abap
CWE
CWE-862
Missing Authorization