ID

VAR-201904-1085


CVE

CVE-2019-0282


TITLE

SAP NetWeaver Process Integration vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-003332

DESCRIPTION

Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, can be accessed without user authentication, which might expose internal data such as release information, Java package names and Java object names that an attacker can misuse. SAP NetWeaver Process Integration (Runtime Workbench) contains an information disclosure vulnerability. Information may be obtained. SAP NetWeaver Process Integration is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.

Trust: 1.89

sources: NVD: CVE-2019-0282 // JVNDB: JVNDB-2019-003332 // BID: 107801

AFFECTED PRODUCTS

vendor: sap, model: netweaver process integration, scope: eq, version: 7.30

Trust: 1.8

vendor: sap, model: netweaver process integration, scope: eq, version: 7.31

Trust: 1.8

vendor: sap, model: netweaver process integration, scope: eq, version: 7.40

Trust: 1.8

vendor: sap, model: netweaver process integration, scope: eq, version: 7.50

Trust: 1.8

vendor: sap, model: netweaver process integration, scope: eq, version: 7.11

Trust: 1.0

vendor: sap, model: netweaver process integration, scope: eq, version: 7.10

Trust: 1.0

vendor: sap, model: netweaver process integration, scope: eq, version: 7.10 to 7.11

Trust: 0.8

vendor: sap, model: netweaver process integration, scope: eq, version: 750

Trust: 0.3

vendor: sap, model: netweaver process integration, scope: eq, version: 740

Trust: 0.3

vendor: sap, model: netweaver process integration, scope: eq, version: 731

Trust: 0.3

vendor: sap, model: netweaver process integration, scope: eq, version: 730

Trust: 0.3

vendor: sap, model: netweaver process integration, scope: eq, version: 711

Trust: 0.3

vendor: sap, model: netweaver process integration, scope: eq, version: 710

Trust: 0.3

sources: BID: 107801 // JVNDB: JVNDB-2019-003332 // NVD: CVE-2019-0282

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-0282
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0282
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201904-374
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2019-0282
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CVSSV3

nvd@nist.gov: CVE-2019-0282
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2019-003332 // CNNVD: CNNVD-201904-374 // NVD: CVE-2019-0282

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2019-003332 // NVD: CVE-2019-0282

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-374

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201904-374

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003332

PATCH

title: SAP Security Patch Day - April 2019, url: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114

Trust: 0.8

title: SAP NetWeaver Process Integration Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91203

Trust: 0.6

sources: JVNDB: JVNDB-2019-003332 // CNNVD: CNNVD-201904-374

EXTERNAL IDS

db: NVD, id: CVE-2019-0282

Trust: 2.7

db: BID, id: 107801

Trust: 0.9

db: JVNDB, id: JVNDB-2019-003332

Trust: 0.8

db: CNNVD, id: CNNVD-201904-374

Trust: 0.6

sources: BID: 107801 // JVNDB: JVNDB-2019-003332 // CNNVD: CNNVD-201904-374 // NVD: CVE-2019-0282

REFERENCES

url:https://launchpad.support.sap.com/#/notes/2742758

Trust: 1.9

url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=517899114

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2019-0282

Trust: 1.4

url:https://www.securityfocus.com/bid/107801

Trust: 1.2

url:http://www.sap.com

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0282

Trust: 0.8

url:https://vigilance.fr/vulnerability/sap-multiples-vulnerabilities-of-april-2019-28982

Trust: 0.6

sources: BID: 107801 // JVNDB: JVNDB-2019-003332 // CNNVD: CNNVD-201904-374 // NVD: CVE-2019-0282

CREDITS

The vendor reported the issue.

Trust: 0.9

sources: BID: 107801 // CNNVD: CNNVD-201904-374

SOURCES

db: BID, id: 107801
db: JVNDB, id: JVNDB-2019-003332
db: CNNVD, id: CNNVD-201904-374
db: NVD, id: CVE-2019-0282

LAST UPDATE DATE

2024-08-14T15:12:50.091000+00:00


SOURCES UPDATE DATE

db: BID, id: 107801, date: 2019-04-09T00:00:00
db: JVNDB, id: JVNDB-2019-003332, date: 2019-05-15T00:00:00
db: CNNVD, id: CNNVD-201904-374, date: 2020-10-28T00:00:00
db: NVD, id: CVE-2019-0282, date: 2020-08-24T17:37:01.140

SOURCES RELEASE DATE

db: BID, id: 107801, date: 2019-04-09T00:00:00
db: JVNDB, id: JVNDB-2019-003332, date: 2019-05-15T00:00:00
db: CNNVD, id: CNNVD-201904-374, date: 2019-04-09T00:00:00
db: NVD, id: CVE-2019-0282, date: 2019-04-10T21:29:01.217