CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-0389

HIGH
8.8
CVSS Severity Score
EPSS Score0.0460%
EPSS Percentile23.80th
Published2019年11月13日
Last Modified2024年11月21日

Vulnerability Description

An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise.

Affected Platforms (CPE)

📦
Sap

Netweaver Application Server Java

= 7.1
📦
Sap

Netweaver Application Server Java

= 7.2
📦
Sap

Netweaver Application Server Java

= 7.3
📦
Sap

Netweaver Application Server Java

= 7.4
📦
Sap

Netweaver Application Server Java

= 7.5
📦
Sap

Netweaver Application Server Java

= 7.31

References & Advisories

🔗 https://launchpad.support.sap.com/#/notes/2814357
🔗 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390
🔗 https://launchpad.support.sap.com/#/notes/2814357
🔗 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390

関連する脆弱性情報

CVE-2010-532610.0

The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, whic...

CVE-2019-03459.8

A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overv...

CVE-2021-375359.8

SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform nece...

CVE-2015-22827.5

Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP...