ID

VAR-201904-1083


CVE

CVE-2019-0278


TITLE

SAP NetWeaver Process Integration vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-003336

DESCRIPTION

Under certain conditions, the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure. An attacker can exploit this issue to gain sensitive information that may aid in further attacks.

Trust: 1.89

sources: NVD: CVE-2019-0278 // JVNDB: JVNDB-2019-003336 // BID: 107807

AFFECTED PRODUCTS

vendor: sap, model: netweaver process integration, scope: eq, version: 7.30

Trust: 1.8

vendor: sap, model: netweaver process integration, scope: eq, version: 7.31

Trust: 1.8

vendor: sap, model: netweaver process integration, scope: eq, version: 7.40

Trust: 1.8

vendor: sap, model: netweaver process integration, scope: eq, version: 7.50

Trust: 1.8

vendor: sap, model: netweaver process integration, scope: eq, version: 7.11

Trust: 1.0

vendor: sap, model: netweaver process integration, scope: eq, version: 7.20

Trust: 1.0

vendor: sap, model: netweaver process integration, scope: eq, version: 7.10

Trust: 1.0

vendor: sap, model: netweaver process integration, scope: eq, version: 7.10 to 7.11

Trust: 0.8

vendor: sap, model: netweaver process integration, scope: eq, version: 750

Trust: 0.3

vendor: sap, model: netweaver process integration, scope: eq, version: 740

Trust: 0.3

vendor: sap, model: netweaver process integration, scope: eq, version: 731

Trust: 0.3

vendor: sap, model: netweaver process integration, scope: eq, version: 730

Trust: 0.3

vendor: sap, model: netweaver process integration, scope: eq, version: 720

Trust: 0.3

vendor: sap, model: netweaver process integration, scope: eq, version: 711

Trust: 0.3

vendor: sap, model: netweaver process integration, scope: eq, version: 710

Trust: 0.3

sources: BID: 107807 // JVNDB: JVNDB-2019-003336 // NVD: CVE-2019-0278

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-0278
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0278
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201904-422
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2019-0278
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CVSSV3

nvd@nist.gov: CVE-2019-0278
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2019-003336 // CNNVD: CNNVD-201904-422 // NVD: CVE-2019-0278

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2019-003336 // NVD: CVE-2019-0278

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-422

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201904-422

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003336

PATCH

title: SAP Security Patch Day - April 2019
url: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114

Trust: 0.8

title: SAP NetWeaver Process Integration Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91251

Trust: 0.6

sources: JVNDB: JVNDB-2019-003336 // CNNVD: CNNVD-201904-422

EXTERNAL IDS

db: NVD, id: CVE-2019-0278

Trust: 2.7

db: BID, id: 107807

Trust: 0.9

db: JVNDB, id: JVNDB-2019-003336

Trust: 0.8

db: CNNVD, id: CNNVD-201904-422

Trust: 0.6

sources: BID: 107807 // JVNDB: JVNDB-2019-003336 // CNNVD: CNNVD-201904-422 // NVD: CVE-2019-0278

REFERENCES

url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=517899114

Trust: 1.9

url:https://launchpad.support.sap.com/#/notes/2741201

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-0278

Trust: 1.4

url:http://www.securityfocus.com/bid/107807

Trust: 1.2

url:http://www.sap.com

Trust: 0.9

url:https://service.sap.com/sap/support/notes/2741201

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0278

Trust: 0.8

url:https://vigilance.fr/vulnerability/sap-multiples-vulnerabilities-of-april-2019-28982

Trust: 0.6

sources: BID: 107807 // JVNDB: JVNDB-2019-003336 // CNNVD: CNNVD-201904-422 // NVD: CVE-2019-0278

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 107807

SOURCES

db: BID, id: 107807
db: JVNDB, id: JVNDB-2019-003336
db: CNNVD, id: CNNVD-201904-422
db: NVD, id: CVE-2019-0278

LAST UPDATE DATE

2024-08-14T15:02:22.110000+00:00


SOURCES UPDATE DATE

db: BID, id: 107807, date: 2019-04-09T00:00:00
db: JVNDB, id: JVNDB-2019-003336, date: 2019-05-15T00:00:00
db: CNNVD, id: CNNVD-201904-422, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2019-0278, date: 2020-08-24T17:37:01.140

SOURCES RELEASE DATE

db: BID, id: 107807, date: 2019-04-09T00:00:00
db: JVNDB, id: JVNDB-2019-003336, date: 2019-05-15T00:00:00
db: CNNVD, id: CNNVD-201904-422, date: 2019-04-09T00:00:00
db: NVD, id: CVE-2019-0278, date: 2019-04-10T21:29:01.107