CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-0279

HIGH
8.8
CVSS Severity Score
EPSS Score0.1350%
EPSS Percentile14.49th
Published2019年4月10日
Last Modified2024年11月21日

Vulnerability Description

ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges.

Affected Platforms (CPE)

📦
Sap

Business Application Software Integrated Solution

>= 7.00 and <= 7.02
📦
Sap

Business Application Software Integrated Solution

>= 7.10 and <= 7.30
📦
Sap

Business Application Software Integrated Solution

>= 7.50 and <= 7.53
📦
Sap

Business Application Software Integrated Solution

= 7.31
📦
Sap

Business Application Software Integrated Solution

= 7.40

References & Advisories

🔗 https://launchpad.support.sap.com/#/notes/2753629
🔗 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114
🔗 https://launchpad.support.sap.com/#/notes/2753629
🔗 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114

関連する脆弱性情報

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...

CVE-2026-487237.8

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36...