Sign-up

ID

VAR-201907-1481


CVE

CVE-2019-0328


TITLE

SAP NetWeaver Process Integration In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006505

DESCRIPTION

ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system. SAP NetWeaver Process Integration Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SAP NetWeaver Process Integration is prone to a code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible

Trust: 1.89

sources: NVD: CVE-2019-0328 // JVNDB: JVNDB-2019-006505 // BID: 109067

AFFECTED PRODUCTS

vendor:sapmodel:netweaver process integrationscope:eqversion:7.5

Trust: 2.1

vendor:sapmodel:netweaver process integrationscope:eqversion:7.4

Trust: 2.1

vendor:sapmodel:netweaver process integrationscope:eqversion:7.31

Trust: 2.1

vendor:sapmodel:netweaver process integrationscope:eqversion:7.3

Trust: 2.1

vendor:sapmodel:netweaver process integrationscope:eqversion:7.1

Trust: 2.1

vendor:sapmodel:netweaver process integrationscope:eqversion:7.0

Trust: 2.1

sources: BID: 109067 // JVNDB: JVNDB-2019-006505 // NVD: CVE-2019-0328

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0328
value: HIGH

Trust: 1.0

NVD: CVE-2019-0328
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-457
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-0328
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2019-0328
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2019-006505 // CNNVD: CNNVD-201907-457 // NVD: CVE-2019-0328

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2019-006505 // NVD: CVE-2019-0328

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-457

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201907-457

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006505

PATCH
title:SAP Security Patch Day - July 2019url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575
Trust: 0.8
title:SAP NetWeaver Process Integration Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94596
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-006505 // 
            
            
            
            CNNVD: CNNVD-201907-457

EXTERNAL IDS
db:NVDid:CVE-2019-0328
Trust: 2.7
db:BIDid:109067
Trust: 1.9
db:JVNDBid:JVNDB-2019-006505
Trust: 0.8
db:CNNVDid:CNNVD-201907-457
Trust: 0.6
sources:
            
            
            BID: 109067 // 
            
            
            
            JVNDB: JVNDB-2019-006505 // 
            
            
            
            CNNVD: CNNVD-201907-457 // 
            
            
            
            NVD: CVE-2019-0328

REFERENCES
url:https://launchpad.support.sap.com/#/notes/2774489
Trust: 1.9
url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=523994575
Trust: 1.9
url:http://www.securityfocus.com/bid/109067
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-0328
Trust: 1.4
url:http://www.sap.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0328
Trust: 0.8
sources:
            
            
            BID: 109067 // 
            
            
            
            JVNDB: JVNDB-2019-006505 // 
            
            
            
            CNNVD: CNNVD-201907-457 // 
            
            
            
            NVD: CVE-2019-0328

CREDITS
SAP
Trust: 0.9
sources:
            
            
            BID: 109067 // 
            
            
            
            CNNVD: CNNVD-201907-457

SOURCES
db:BIDid:109067
db:JVNDBid:JVNDB-2019-006505
db:CNNVDid:CNNVD-201907-457
db:NVDid:CVE-2019-0328

LAST UPDATE DATE
2024-08-14T14:45:17.628000+00:00

SOURCES UPDATE DATE
db:BIDid:109067date:2019-07-09T00:00:00
db:JVNDBid:JVNDB-2019-006505date:2019-07-22T00:00:00
db:CNNVDid:CNNVD-201907-457date:2019-07-23T00:00:00
db:NVDid:CVE-2019-0328date:2019-07-18T13:37:49.993

SOURCES RELEASE DATE
db:BIDid:109067date:2019-07-09T00:00:00
db:JVNDBid:JVNDB-2019-006505date:2019-07-22T00:00:00
db:CNNVDid:CNNVD-201907-457date:2019-07-09T00:00:00
db:NVDid:CVE-2019-0328date:2019-07-10T20:15:12.123