Sign-up

ID

VAR-201908-1845


CVE

CVE-2019-0351


TITLE

SAP NetWeaver UDDI server Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-008169 // CNNVD: CNNVD-201908-872

DESCRIPTION

A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the product to terminate. SAP NetWeaver UDDI server (Services Registry) Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.62

sources: NVD: CVE-2019-0351 // JVNDB: JVNDB-2019-008169

AFFECTED PRODUCTS

vendor:sapmodel:netweaverscope:eqversion:7.10

Trust: 1.8

vendor:sapmodel:netweaverscope:eqversion:7.20

Trust: 1.8

vendor:sapmodel:netweaverscope:eqversion:7.30

Trust: 1.8

vendor:sapmodel:netweaverscope:eqversion:7.31

Trust: 1.8

vendor:sapmodel:netweaverscope:eqversion:7.40

Trust: 1.8

vendor:sapmodel:netweaverscope:eqversion:7.50

Trust: 1.8

sources: JVNDB: JVNDB-2019-008169 // NVD: CVE-2019-0351

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0351
value: HIGH

Trust: 1.0

NVD: CVE-2019-0351
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201908-872
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-0351
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2019-0351
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2019-008169 // CNNVD: CNNVD-201908-872 // NVD: CVE-2019-0351

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-119

Trust: 0.8

sources: JVNDB: JVNDB-2019-008169 // NVD: CVE-2019-0351

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-872

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201908-872

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008169

PATCH
title:SAP Security Patch Day - August 2019url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017
Trust: 0.8
title:SAP NetWeaver UDDI Server Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96561
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-008169 // 
            
            
            
            CNNVD: CNNVD-201908-872

EXTERNAL IDS
db:NVDid:CVE-2019-0351
Trust: 2.4
db:JVNDBid:JVNDB-2019-008169
Trust: 0.8
db:CNNVDid:CNNVD-201908-872
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-008169 // 
            
            
            
            CNNVD: CNNVD-201908-872 // 
            
            
            
            NVD: CVE-2019-0351

REFERENCES
url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=523998017
Trust: 1.6
url:https://launchpad.support.sap.com/#/notes/2800779
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-0351
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0351
Trust: 0.8
url:https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-august-2019-30031
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-008169 // 
            
            
            
            CNNVD: CNNVD-201908-872 // 
            
            
            
            NVD: CVE-2019-0351

SOURCES
db:JVNDBid:JVNDB-2019-008169
db:CNNVDid:CNNVD-201908-872
db:NVDid:CVE-2019-0351

LAST UPDATE DATE
2024-11-23T22:37:43.450000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2019-008169date:2019-08-27T00:00:00
db:CNNVDid:CNNVD-201908-872date:2020-08-25T00:00:00
db:NVDid:CVE-2019-0351date:2024-11-21T04:16:43.777

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2019-008169date:2019-08-27T00:00:00
db:CNNVDid:CNNVD-201908-872date:2019-08-13T00:00:00
db:NVDid:CVE-2019-0351date:2019-08-14T14:15:16.807