ID

VAR-201902-0717


CVE

CVE-2019-0257


TITLE

SAP NetWeaver AS ABAP Platform Authorization vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001919

DESCRIPTION

Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. SAP NetWeaver AS ABAP Platform contains an authorization vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). SAP ABAP is prone to an authorization-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks.

Trust: 1.89

sources: NVD: CVE-2019-0257 // JVNDB: JVNDB-2019-001919 // BID: 106999

AFFECTED PRODUCTS

vendor: sap, model: netweaver abap, scope: eq, version: 7.40

Trust: 1.1

vendor: sap, model: netweaver abap, scope: eq, version: 7.31

Trust: 1.1

vendor: sap, model: netweaver abap, scope: eq, version: 7.30

Trust: 1.1

vendor: sap, model: netweaver as abap, scope: lte, version: 7.02

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: gte, version: 7.74

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: lte, version: 7.11

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 7.30

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 7.40

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 7.31

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: gte, version: 7.10

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: lte, version: 7.53

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: lte, version: 7.75

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: gte, version: 7.50

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: gte, version: 7.0

Trust: 1.0

vendor: sap, model: netweaver abap, scope: eq, version: 7.0 to 7.02

Trust: 0.8

vendor: sap, model: netweaver abap, scope: eq, version: 7.10 to 7.11

Trust: 0.8

vendor: sap, model: netweaver abap, scope: eq, version: 7.50 to 7.53

Trust: 0.8

vendor: sap, model: netweaver abap, scope: eq, version: 7.74 to 7.75

Trust: 0.8

vendor: sap, model: netweaver abap, scope: eq, version: 7.75

Trust: 0.3

vendor: sap, model: netweaver abap, scope: eq, version: 7.74

Trust: 0.3

vendor: sap, model: netweaver abap, scope: eq, version: 7.53

Trust: 0.3

vendor: sap, model: netweaver abap, scope: eq, version: 7.50

Trust: 0.3

vendor: sap, model: netweaver abap, scope: eq, version: 7.11

Trust: 0.3

vendor: sap, model: netweaver abap, scope: eq, version: 7.10

Trust: 0.3

vendor: sap, model: netweaver abap, scope: eq, version: 7.02

Trust: 0.3

vendor: sap, model: netweaver abap, scope: eq, version: 7.0

Trust: 0.3

sources: BID: 106999 // JVNDB: JVNDB-2019-001919 // NVD: CVE-2019-0257

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2019-0257
value: HIGH

Trust: 1.8

CNNVD: CNNVD-201902-522
value: HIGH

Trust: 0.6

NVD: CVE-2019-0257
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.8

NVD: CVE-2019-0257
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-0257
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2019-001919 // CNNVD: CNNVD-201902-522 // NVD: CVE-2019-0257

PROBLEMTYPE DATA

problemtype: CWE-862

Trust: 1.0

problemtype: CWE-285

Trust: 0.8

sources: JVNDB: JVNDB-2019-001919 // NVD: CVE-2019-0257

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-522

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201902-522

CONFIGURATIONS

sources: NVD: CVE-2019-0257

PATCH

title: SAP Security Patch Day - February 2019, url: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=510922943

Trust: 0.8

title: SAP ABAP Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89333

Trust: 0.6

sources: JVNDB: JVNDB-2019-001919 // CNNVD: CNNVD-201902-522

EXTERNAL IDS

db: NVD, id: CVE-2019-0257

Trust: 2.7

db: BID, id: 106999

Trust: 1.9

db: JVNDB, id: JVNDB-2019-001919

Trust: 0.8

db: CNNVD, id: CNNVD-201902-522

Trust: 0.6

sources: BID: 106999 // JVNDB: JVNDB-2019-001919 // CNNVD: CNNVD-201902-522 // NVD: CVE-2019-0257

REFERENCES

url: http://www.securityfocus.com/bid/106999

Trust: 2.2

url: https://launchpad.support.sap.com/#/notes/2728839

Trust: 1.9

url: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=510922943

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2019-0257

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0257

Trust: 0.8

url: http://www.sap.com/

Trust: 0.3

url: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=510922957

Trust: 0.3

sources: BID: 106999 // JVNDB: JVNDB-2019-001919 // CNNVD: CNNVD-201902-522 // NVD: CVE-2019-0257

CREDITS

SAP

Trust: 0.9

sources: BID: 106999 // CNNVD: CNNVD-201902-522

SOURCES

db: BID, id: 106999
db: JVNDB, id: JVNDB-2019-001919
db: CNNVD, id: CNNVD-201902-522
db: NVD, id: CVE-2019-0257

LAST UPDATE DATE

2022-09-21T22:23:59.889000+00:00


SOURCES UPDATE DATE

db: BID, id: 106999, date: 2019-02-12T00:00:00
db: JVNDB, id: JVNDB-2019-001919, date: 2019-03-29T00:00:00
db: CNNVD, id: CNNVD-201902-522, date: 2020-10-23T00:00:00
db: NVD, id: CVE-2019-0257, date: 2022-09-20T17:39:00

SOURCES RELEASE DATE

db: BID, id: 106999, date: 2019-02-12T00:00:00
db: JVNDB, id: JVNDB-2019-001919, date: 2019-03-29T00:00:00
db: CNNVD, id: CNNVD-201902-522, date: 2019-02-12T00:00:00
db: NVD, id: CVE-2019-0257, date: 2019-02-15T18:29:00