Sign-up

ID

VAR-201906-1082


CVE

CVE-2019-0312


TITLE

SAP NetWeaver Process Integration Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-005477

DESCRIPTION

Several web pages provided SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50) are not password protected. An attacker could access landscape information like host names, ports or other technical data in the absence of restrictive firewall and port settings. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks

Trust: 1.89

sources: NVD: CVE-2019-0312 // JVNDB: JVNDB-2019-005477 // BID: 108703

AFFECTED PRODUCTS

vendor:sapmodel:netweaver process integrationscope:eqversion:7.50

Trust: 1.3

vendor:sapmodel:netweaver process integrationscope:eqversion:7.40

Trust: 1.3

vendor:sapmodel:netweaver process integrationscope:eqversion:7.31

Trust: 1.3

vendor:sapmodel:netweaver process integrationscope:eqversion:7.30

Trust: 1.3

vendor:sapmodel:netweaver process integrationscope:eqversion:7.20

Trust: 1.3

vendor:sapmodel:netweaver process integrationscope:eqversion:7.11

Trust: 1.3

vendor:sapmodel:netweaver process integrationscope:eqversion:7.10

Trust: 1.3

vendor:sapmodel:netweaver process integrationscope: - version: -

Trust: 0.8

sources: BID: 108703 // JVNDB: JVNDB-2019-005477 // NVD: CVE-2019-0312

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0312
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0312
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201906-503
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-0312
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2019-0312
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2019-005477 // CNNVD: CNNVD-201906-503 // NVD: CVE-2019-0312

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2019-005477 // NVD: CVE-2019-0312

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-503

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201906-503

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005477

PATCH
title:SAP Security Patch Day - June 2019url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242
Trust: 0.8
title:SAP NetWeaver Process Integration Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93738
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-005477 // 
            
            
            
            CNNVD: CNNVD-201906-503

EXTERNAL IDS
db:NVDid:CVE-2019-0312
Trust: 2.7
db:BIDid:108703
Trust: 0.9
db:JVNDBid:JVNDB-2019-005477
Trust: 0.8
db:CNNVDid:CNNVD-201906-503
Trust: 0.6
sources:
            
            
            BID: 108703 // 
            
            
            
            JVNDB: JVNDB-2019-005477 // 
            
            
            
            CNNVD: CNNVD-201906-503 // 
            
            
            
            NVD: CVE-2019-0312

REFERENCES
url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=521864242
Trust: 1.9
url:https://launchpad.support.sap.com/#/notes/2744086
Trust: 1.9
url:http://www.sap.com
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0312
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0312
Trust: 0.8
url:https://www.securityfocus.com/bid/108703
Trust: 0.6
sources:
            
            
            BID: 108703 // 
            
            
            
            JVNDB: JVNDB-2019-005477 // 
            
            
            
            CNNVD: CNNVD-201906-503 // 
            
            
            
            NVD: CVE-2019-0312

CREDITS
The vendor reported the issue.
Trust: 0.9
sources:
            
            
            BID: 108703 // 
            
            
            
            CNNVD: CNNVD-201906-503

SOURCES
db:BIDid:108703
db:JVNDBid:JVNDB-2019-005477
db:CNNVDid:CNNVD-201906-503
db:NVDid:CVE-2019-0312

LAST UPDATE DATE
2024-08-14T15:38:52.472000+00:00

SOURCES UPDATE DATE
db:BIDid:108703date:2019-06-11T00:00:00
db:JVNDBid:JVNDB-2019-005477date:2019-06-20T00:00:00
db:CNNVDid:CNNVD-201906-503date:2020-10-28T00:00:00
db:NVDid:CVE-2019-0312date:2020-08-24T17:37:01.140

SOURCES RELEASE DATE
db:BIDid:108703date:2019-06-11T00:00:00
db:JVNDBid:JVNDB-2019-005477date:2019-06-20T00:00:00
db:CNNVDid:CNNVD-201906-503date:2019-06-11T00:00:00
db:NVDid:CVE-2019-0312date:2019-06-12T17:29:03.623