ID

VAR-201907-1475


CVE

CVE-2019-0319


TITLE

Injection vulnerability in SAP Gateway

Trust: 0.8

sources: JVNDB: JVNDB-2019-006514

DESCRIPTION

The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not. SAP Gateway contains an injection vulnerability. Information may be altered. SAP Gateway is prone to a content injection vulnerability because the application fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied content to be passed in the context of the affected application; other attacks are also possible. The product allows non-SAP applications to connect to SAP applications, and can also connect and access SAP applications on mobile devices.

------------------------------------------
[VulnerabilityType Other] Content Spoofing
------------------------------------------
[Vendor of Product] SAP
------------------------------------------
[Affected Product] SAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53
------------------------------------------
[PoC] Tested in SAPUI5 1.0.0
PoC: https://sapmobile.target.com/sap/opu/odata/UI2/INTEROP/PersContainers(category='P ',id='flp.settings.FlpSettings')?$expand=PersContainerItemsu1kpa_HACKED_&sap-cache-id=D49C673A8D0D275477C7CD1FBFA3EE31
------------------------------------------
[Attack Type] Remote
------------------------------------------
[Reference]
https://capec.mitre.org/data/definitions/148.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0319
------------------------------------------
[Discoverer] Offensive0Labs - Rafael Fontes Souza

References below:

"SAP Product Security Response Team
Mon, Jul 8, 04:33 (6 days ago)
to me, SAP

Hello Rafael,

We are pleased to inform you that we are releasing the following security note on July Patch Day 2019:

Sec Incident ID(s): 1870475251
Security Note: 2752614
Security Note Title: [CVE-2019-0319] Content Injection Vulnerability in SAP Gateway
Advisory Plan Date: 10/09/2019
Delivery date of fix/Patch Day: 07/09/2019
CVSS Base Score: 4.3
CVSS Base Vector: NLNR | U | NLN
Credits go to: Offensive0Labs, Rafael Fontes Souza

*Notes will be visible to customers on 9th of July 2019.

https://wiki.scn.sap.com/wiki/display/PSR/Acknowledgments+to+Security+Researchers
"

Trust: 2.07

sources: NVD: CVE-2019-0319 // JVNDB: JVNDB-2019-006514 // BID: 109074 // VULHUB: VHN-140350 // PACKETSTORM: 153661

AFFECTED PRODUCTS

vendor: sap, model: gateway, scope: eq, version: 7.5

Trust: 1.8

vendor: sap, model: gateway, scope: eq, version: 7.51

Trust: 1.8

vendor: sap, model: gateway, scope: eq, version: 7.52

Trust: 1.8

vendor: sap, model: gateway, scope: eq, version: 7.53

Trust: 1.8

vendor: sap, model: ui5, scope: eq, version: 1.0.0

Trust: 1.0

vendor: sap, model: sapui5, scope: -, version: -

Trust: 0.8

vendor: sap, model: netweaver gateway, scope: eq, version: 7.53

Trust: 0.3

vendor: sap, model: netweaver gateway, scope: eq, version: 7.52

Trust: 0.3

vendor: sap, model: netweaver gateway, scope: eq, version: 7.51

Trust: 0.3

vendor: sap, model: netweaver gateway, scope: eq, version: 7.5

Trust: 0.3

sources: BID: 109074 // JVNDB: JVNDB-2019-006514 // NVD: CVE-2019-0319

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0319
value: HIGH

Trust: 1.0

NVD: CVE-2019-0319
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-462
value: HIGH

Trust: 0.6

VULHUB: VHN-140350
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0319
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140350
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0319
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-140350 // JVNDB: JVNDB-2019-006514 // CNNVD: CNNVD-201907-462 // NVD: CVE-2019-0319

PROBLEMTYPE DATA

problemtype: CWE-74

Trust: 1.9

problemtype: CWE-79

Trust: 1.1

sources: VULHUB: VHN-140350 // JVNDB: JVNDB-2019-006514 // NVD: CVE-2019-0319

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-462

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-201907-462

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006514

PATCH

title: SAP Security Patch Day - July 2019
url: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575

Trust: 0.8

title: SAP Gateway Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94601

Trust: 0.6

sources: JVNDB: JVNDB-2019-006514 // CNNVD: CNNVD-201907-462

EXTERNAL IDS

db: NVD, id: CVE-2019-0319

Trust: 2.9

db: BID, id: 109074

Trust: 2.0

db: PACKETSTORM, id: 153661

Trust: 1.8

db: CXSECURITY, id: WLB-2019050283

Trust: 1.7

db: JVNDB, id: JVNDB-2019-006514

Trust: 0.8

db: CNNVD, id: CNNVD-201907-462

Trust: 0.7

db: CNVD, id: CNVD-2020-04338

Trust: 0.1

db: VULHUB, id: VHN-140350

Trust: 0.1

sources: VULHUB: VHN-140350 // BID: 109074 // JVNDB: JVNDB-2019-006514 // PACKETSTORM: 153661 // CNNVD: CNNVD-201907-462 // NVD: CVE-2019-0319

REFERENCES

url:http://packetstormsecurity.com/files/153661/sapui5-1.0.0-sap-gateway-7.5-7.51-7.52-7.53-content-spoofing.html

Trust: 2.9

url:http://www.securityfocus.com/bid/109074

Trust: 2.3

url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=523994575

Trust: 2.0

url:https://launchpad.support.sap.com/#/notes/2752614

Trust: 2.0

url:https://cxsecurity.com/ascii/wlb-2019050283

Trust: 1.7

url:https://drive.google.com/open?id=1agfqggvydehsk7mfisfkw7to60yif55f

Trust: 1.7

url:https://launchpad.support.sap.com/#/notes/2911267

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-0319

Trust: 1.5

url:http://www.sap.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0319

Trust: 0.9

url:https://wiki.scn.sap.com/wiki/display/psr/acknowledgments+to+security+researchers

Trust: 0.1

url:https://capec.mitre.org/data/definitions/148.html

Trust: 0.1

url:https://sapmobile.target.com/sap/opu/odata/ui2/interop/perscontainers(category='p

Trust: 0.1

sources: VULHUB: VHN-140350 // BID: 109074 // JVNDB: JVNDB-2019-006514 // PACKETSTORM: 153661 // CNNVD: CNNVD-201907-462 // NVD: CVE-2019-0319

CREDITS

SAP, Rafael Fontes Souza

Trust: 0.6

sources: CNNVD: CNNVD-201907-462

SOURCES

db: VULHUB, id: VHN-140350
db: BID, id: 109074
db: JVNDB, id: JVNDB-2019-006514
db: PACKETSTORM, id: 153661
db: CNNVD, id: CNNVD-201907-462
db: NVD, id: CVE-2019-0319

LAST UPDATE DATE

2024-11-23T22:51:42.570000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-140350, date: 2020-08-24T00:00:00
db: BID, id: 109074, date: 2019-07-09T00:00:00
db: JVNDB, id: JVNDB-2019-006514, date: 2019-07-23T00:00:00
db: CNNVD, id: CNNVD-201907-462, date: 2020-06-10T00:00:00
db: NVD, id: CVE-2019-0319, date: 2024-11-21T04:16:40.700

SOURCES RELEASE DATE

db: VULHUB, id: VHN-140350, date: 2019-07-10T00:00:00
db: BID, id: 109074, date: 2019-07-09T00:00:00
db: JVNDB, id: JVNDB-2019-006514, date: 2019-07-23T00:00:00
db: PACKETSTORM, id: 153661, date: 2019-07-16T02:22:22
db: CNNVD, id: CNNVD-201907-462, date: 2019-07-09T00:00:00
db: NVD, id: CVE-2019-0319, date: 2019-07-10T19:15:10.220