Sign-up

ID

VAR-201906-1084


CVE

CVE-2019-0315


TITLE

SAP NetWeaver Process Integration Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-005478

DESCRIPTION

Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAP_XIPCK 7.10 to 7.11, 7.20, 7.30) allows an attacker to access passwords used in FTP channels leading to information disclosure. SAP NetWeaver Process Integration Contains an information disclosure vulnerability.Information may be obtained. An attacker can exploit this issue to gain sensitive information, that may aid in further attacks

Trust: 1.89

sources: NVD: CVE-2019-0315 // JVNDB: JVNDB-2019-005478 // BID: 108714

AFFECTED PRODUCTS

vendor:sapmodel:netweaver process integrationscope:eqversion:7.30

Trust: 1.0

vendor:sapmodel:netweaver process integrationscope:eqversion:7.31

Trust: 1.0

vendor:sapmodel:netweaver process integrationscope:eqversion:7.50

Trust: 1.0

vendor:sapmodel:netweaver process integrationscope:eqversion:7.11

Trust: 1.0

vendor:sapmodel:netweaver process integrationscope:eqversion:7.20

Trust: 1.0

vendor:sapmodel:netweaver process integrationscope:eqversion:7.40

Trust: 1.0

vendor:sapmodel:netweaver process integrationscope:eqversion:7.10

Trust: 1.0

vendor:sapmodel:netweaver process integrationscope: - version: -

Trust: 0.8

vendor:sapmodel:netweaver process integration sap xitoolscope:eqversion:7.50

Trust: 0.3

vendor:sapmodel:netweaver process integration sap xitoolscope:eqversion:7.40

Trust: 0.3

vendor:sapmodel:netweaver process integration sap xitoolscope:eqversion:7.31

Trust: 0.3

vendor:sapmodel:netweaver process integration sap xitoolscope:eqversion:7.30

Trust: 0.3

vendor:sapmodel:netweaver process integration sap xitoolscope:eqversion:7.11

Trust: 0.3

vendor:sapmodel:netweaver process integration sap xitoolscope:eqversion:7.10

Trust: 0.3

vendor:sapmodel:netweaver process integration sap xipckscope:eqversion:7.50

Trust: 0.3

vendor:sapmodel:netweaver process integration sap xipckscope:eqversion:7.40

Trust: 0.3

vendor:sapmodel:netweaver process integration sap xipckscope:eqversion:7.31

Trust: 0.3

vendor:sapmodel:netweaver process integration sap xipckscope:eqversion:7.30

Trust: 0.3

vendor:sapmodel:netweaver process integration sap xipckscope:eqversion:7.11

Trust: 0.3

vendor:sapmodel:netweaver process integration sap xipckscope:eqversion:7.10

Trust: 0.3

vendor:sapmodel:netweaver process integration sap xiesrscope:eqversion:7.50

Trust: 0.3

vendor:sapmodel:netweaver process integration sap xiesrscope:eqversion:7.40

Trust: 0.3

vendor:sapmodel:netweaver process integration sap xiesrscope:eqversion:7.31

Trust: 0.3

vendor:sapmodel:netweaver process integration sap xiesrscope:eqversion:7.30

Trust: 0.3

vendor:sapmodel:netweaver process integration sap xiesrscope:eqversion:7.20

Trust: 0.3

vendor:sapmodel:netweaver process integration sap xiesrscope:eqversion:7.11

Trust: 0.3

vendor:sapmodel:netweaver process integration sap xiesrscope:eqversion:7.10

Trust: 0.3

sources: BID: 108714 // JVNDB: JVNDB-2019-005478 // NVD: CVE-2019-0315

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0315
value: HIGH

Trust: 1.0

NVD: CVE-2019-0315
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201906-525
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-0315
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2019-0315
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2019-005478 // CNNVD: CNNVD-201906-525 // NVD: CVE-2019-0315

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2019-005478 // NVD: CVE-2019-0315

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-525

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201906-525

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005478

PATCH
title:SAP Security Patch Day - June 2019url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242
Trust: 0.8
title:SAP NetWeaver Process Integration Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93757
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-005478 // 
            
            
            
            CNNVD: CNNVD-201906-525

EXTERNAL IDS
db:NVDid:CVE-2019-0315
Trust: 2.7
db:BIDid:108714
Trust: 0.9
db:JVNDBid:JVNDB-2019-005478
Trust: 0.8
db:CNNVDid:CNNVD-201906-525
Trust: 0.6
sources:
            
            
            BID: 108714 // 
            
            
            
            JVNDB: JVNDB-2019-005478 // 
            
            
            
            CNNVD: CNNVD-201906-525 // 
            
            
            
            NVD: CVE-2019-0315

REFERENCES
url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=521864242
Trust: 1.9
url:https://launchpad.support.sap.com/#/notes/2755438
Trust: 1.6
url:http://www.sap.com
Trust: 0.9
url:https://service.sap.com/sap/support/notes/2755438
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0315
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0315
Trust: 0.8
url:https://www.securityfocus.com/bid/108714
Trust: 0.6
sources:
            
            
            BID: 108714 // 
            
            
            
            JVNDB: JVNDB-2019-005478 // 
            
            
            
            CNNVD: CNNVD-201906-525 // 
            
            
            
            NVD: CVE-2019-0315

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 108714

SOURCES
db:BIDid:108714
db:JVNDBid:JVNDB-2019-005478
db:CNNVDid:CNNVD-201906-525
db:NVDid:CVE-2019-0315

LAST UPDATE DATE
2024-08-14T15:02:15.907000+00:00

SOURCES UPDATE DATE
db:BIDid:108714date:2019-06-11T00:00:00
db:JVNDBid:JVNDB-2019-005478date:2019-06-20T00:00:00
db:CNNVDid:CNNVD-201906-525date:2020-08-25T00:00:00
db:NVDid:CVE-2019-0315date:2020-08-24T17:37:01.140

SOURCES RELEASE DATE
db:BIDid:108714date:2019-06-11T00:00:00
db:JVNDBid:JVNDB-2019-005478date:2019-06-20T00:00:00
db:CNNVDid:CNNVD-201906-525date:2019-06-11T00:00:00
db:NVDid:CVE-2019-0315date:2019-06-12T17:29:03.747