CyberSec.Space Logo
Back to CVE Browser

CVE-2019-0257

HIGH
8.8
CVSS Severity Score
EPSS Score0.0840%
EPSS Percentile25.27th
PublishedFeb 15, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Affected Platforms (CPE)

πŸ“¦
Sap

Netweaver Application Server Abap

>= 7.0 and <= 7.02
πŸ“¦
Sap

Netweaver Application Server Abap

>= 7.50 and <= 7.53
πŸ“¦
Sap

Netweaver Application Server Abap

= 7.30
πŸ“¦
Sap

Netweaver Application Server Abap

= 7.31
πŸ“¦
Sap

Netweaver Application Server Abap

= 7.40
πŸ“¦
Sap

Netweaver As Abap

>= 7.10 and <= 7.11
πŸ“¦
Sap

Netweaver As Abap

>= 7.74 and <= 7.75

References & Advisories

πŸ”— http://www.securityfocus.com/bid/106999
πŸ”— https://launchpad.support.sap.com/#/notes/2728839
πŸ”— https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943
πŸ”— http://www.securityfocus.com/bid/106999
πŸ”— https://launchpad.support.sap.com/#/notes/2728839
πŸ”— https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943

Related Vulnerabilities

CVE-2021-404999.8

Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70,...

CVE-2026-236878.8

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid ...

CVE-2020-62968.8

SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an at...

CVE-2015-22827.5

Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP...