CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-0257

HIGH
8.8
CVSS Severity Score
EPSS Score0.0840%
EPSS Percentile25.27th
Published2019年2月15日
Last Modified2024年11月21日

Vulnerability Description

Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Affected Platforms (CPE)

📦
Sap

Netweaver Application Server Abap

>= 7.0 and <= 7.02
📦
Sap

Netweaver Application Server Abap

>= 7.50 and <= 7.53
📦
Sap

Netweaver Application Server Abap

= 7.30
📦
Sap

Netweaver Application Server Abap

= 7.31
📦
Sap

Netweaver Application Server Abap

= 7.40
📦
Sap

Netweaver As Abap

>= 7.10 and <= 7.11
📦
Sap

Netweaver As Abap

>= 7.74 and <= 7.75

References & Advisories

🔗 http://www.securityfocus.com/bid/106999
🔗 https://launchpad.support.sap.com/#/notes/2728839
🔗 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943
🔗 http://www.securityfocus.com/bid/106999
🔗 https://launchpad.support.sap.com/#/notes/2728839
🔗 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943

関連する脆弱性情報

CVE-2021-404999.8

Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70,...

CVE-2026-236878.8

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid ...

CVE-2020-62968.8

SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an at...

CVE-2015-22827.5

Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP...