CyberSec.Space Logo
Back to CVE Browser

CVE-2019-0267

HIGH
8.8
CVSS Severity Score
EPSS Score0.0340%
EPSS Percentile20.53th
PublishedFeb 15, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application.

Affected Platforms (CPE)

πŸ“¦
Sap

Manufacturing Integration And Intelligence

= 15.0
πŸ“¦
Sap

Manufacturing Integration And Intelligence

= 15.1
πŸ“¦
Sap

Manufacturing Integration And Intelligence

= 15.2

References & Advisories

πŸ”— http://www.securityfocus.com/bid/106990
πŸ”— https://launchpad.support.sap.com/#/notes/2686535
πŸ”— https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943
πŸ”— http://www.securityfocus.com/bid/106990
πŸ”— https://launchpad.support.sap.com/#/notes/2686535
πŸ”— https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943

Related Vulnerabilities

CVE-2016-23897.5

Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) compone...

CVE-2016-40166.1

Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remo...

CVE-2015-83295.0

SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) uses weak encryption (Base64 and DES), which allows attack...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...