CyberSec.Space Logo
Back to CVE Browser

CVE-2019-0389

HIGH
8.8
CVSS Severity Score
EPSS Score0.0460%
EPSS Percentile23.80th
PublishedNov 13, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise.

Affected Platforms (CPE)

πŸ“¦
Sap

Netweaver Application Server Java

= 7.1
πŸ“¦
Sap

Netweaver Application Server Java

= 7.2
πŸ“¦
Sap

Netweaver Application Server Java

= 7.3
πŸ“¦
Sap

Netweaver Application Server Java

= 7.4
πŸ“¦
Sap

Netweaver Application Server Java

= 7.5
πŸ“¦
Sap

Netweaver Application Server Java

= 7.31

References & Advisories

πŸ”— https://launchpad.support.sap.com/#/notes/2814357
πŸ”— https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390
πŸ”— https://launchpad.support.sap.com/#/notes/2814357
πŸ”— https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390

Related Vulnerabilities

CVE-2010-532610.0

The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, whic...

CVE-2019-03459.8

A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overv...

CVE-2021-375359.8

SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform nece...

CVE-2015-22827.5

Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP...