ID

VAR-201908-1852


CVE

CVE-2019-0338


TITLE

SAP Gateway vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-008348

DESCRIPTION

During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP header attributes Cache-Control and Pragma were not properly set, allowing an attacker to access restricted information, resulting in information disclosure. SAP Gateway contains an information disclosure vulnerability. Information may be obtained. The product allows non-SAP applications to connect to SAP applications, and can also connect to and access SAP applications on mobile devices. An attacker could exploit this vulnerability to access restricted information.

Trust: 1.71

sources: NVD: CVE-2019-0338 // JVNDB: JVNDB-2019-008348 // VULHUB: VHN-140369

AFFECTED PRODUCTS

vendor: sap // model: gateway // scope: eq // version: 750

Trust: 1.8

vendor: sap // model: gateway // scope: eq // version: 751

Trust: 1.8

vendor: sap // model: gateway // scope: eq // version: 752

Trust: 1.8

vendor: sap // model: gateway // scope: eq // version: 753

Trust: 1.8

sources: JVNDB: JVNDB-2019-008348 // NVD: CVE-2019-0338

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0338
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0338
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201908-914
value: MEDIUM

Trust: 0.6

VULHUB: VHN-140369
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0338
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140369
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0338
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-140369 // JVNDB: JVNDB-2019-008348 // CNNVD: CNNVD-201908-914 // NVD: CVE-2019-0338

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-140369 // JVNDB: JVNDB-2019-008348 // NVD: CVE-2019-0338

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-914

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201908-914

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008348

PATCH

title: SAP Security Patch Day - August 2019 // url: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017

Trust: 0.8

title: SAP Gateway Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96599

Trust: 0.6

sources: JVNDB: JVNDB-2019-008348 // CNNVD: CNNVD-201908-914

EXTERNAL IDS

db: NVD // id: CVE-2019-0338

Trust: 2.5

db: JVNDB // id: JVNDB-2019-008348

Trust: 0.8

db: CNNVD // id: CNNVD-201908-914

Trust: 0.7

db: VULHUB // id: VHN-140369

Trust: 0.1

sources: VULHUB: VHN-140369 // JVNDB: JVNDB-2019-008348 // CNNVD: CNNVD-201908-914 // NVD: CVE-2019-0338

REFERENCES

url: https://launchpad.support.sap.com/#/notes/2793351

Trust: 1.7

url: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=523998017

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-0338

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0338

Trust: 0.8

url: https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-august-2019-30031

Trust: 0.6

sources: VULHUB: VHN-140369 // JVNDB: JVNDB-2019-008348 // CNNVD: CNNVD-201908-914 // NVD: CVE-2019-0338

SOURCES

db: VULHUB // id: VHN-140369
db: JVNDB // id: JVNDB-2019-008348
db: CNNVD // id: CNNVD-201908-914
db: NVD // id: CVE-2019-0338

LAST UPDATE DATE

2024-11-23T22:58:35.702000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-140369 // date: 2019-08-26T00:00:00
db: JVNDB // id: JVNDB-2019-008348 // date: 2019-08-29T00:00:00
db: CNNVD // id: CNNVD-201908-914 // date: 2019-09-20T00:00:00
db: NVD // id: CVE-2019-0338 // date: 2024-11-21T04:16:42.520

SOURCES RELEASE DATE

db: VULHUB // id: VHN-140369 // date: 2019-08-14T00:00:00
db: JVNDB // id: JVNDB-2019-008348 // date: 2019-08-29T00:00:00
db: CNNVD // id: CNNVD-201908-914 // date: 2019-08-13T00:00:00
db: NVD // id: CVE-2019-0338 // date: 2019-08-14T14:15:16.167