Details of VAR-201910-1603

ID

VAR-201910-1603

CVE

CVE-2019-0367

TITLE

SAP NetWeaver Process Integration Vulnerabilities related to lack of authentication

Trust: 0.8

sources: JVNDB: JVNDB-2019-010437

DESCRIPTION

SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check. SAP NetWeaver Process Integration (B2B Toolkit) Is vulnerable to a lack of authentication.Information may be tampered with

Trust: 1.71

sources: NVD: CVE-2019-0367 // JVNDB: JVNDB-2019-010437 // VULMON: CVE-2019-0367

AFFECTED PRODUCTS

vendor:	sap	model:	netweaver process integration	scope:	eq	version:	2.0	Trust: 1.6
vendor:	sap	model:	netweaver process integration	scope:	eq	version:	1.0	Trust: 1.6
vendor:	sap	model:	netweaver process integration	scope:	lt	version:	1.0	Trust: 0.8
vendor:	sap	model:	netweaver process integration	scope:	lt	version:	2.0	Trust: 0.8

sources: JVNDB: JVNDB-2019-010437 // CNNVD: CNNVD-201910-411 // NVD: CVE-2019-0367

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-0367
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-0367
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201910-411
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2019-0367
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-0367
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2019-0367
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2019-0367
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2019-0367 // JVNDB: JVNDB-2019-010437 // CNNVD: CNNVD-201910-411 // NVD: CVE-2019-0367

PROBLEMTYPE DATA

problemtype:

CWE-862

Trust: 1.8

sources: JVNDB: JVNDB-2019-010437 // NVD: CVE-2019-0367

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-411

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201910-411

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010437

PATCH

title:	SAP Security Patch Day - October 2019	url:	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050	Trust: 0.8
title:	SAP NetWeaver Process Integration Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99080	Trust: 0.6

sources: JVNDB: JVNDB-2019-010437 // CNNVD: CNNVD-201910-411

EXTERNAL IDS

db:	NVD	id:	CVE-2019-0367	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-010437	Trust: 0.8
db:	CNNVD	id:	CNNVD-201910-411	Trust: 0.6
db:	VULMON	id:	CVE-2019-0367	Trust: 0.1

sources: VULMON: CVE-2019-0367 // JVNDB: JVNDB-2019-010437 // CNNVD: CNNVD-201910-411 // NVD: CVE-2019-0367

REFERENCES

url:	https://launchpad.support.sap.com/#/notes/2805777	Trust: 1.7
url:	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=528123050	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0367	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0367	Trust: 0.8
url:	https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-october-2019-30550	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/862.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110346	Trust: 0.1

sources: VULMON: CVE-2019-0367 // JVNDB: JVNDB-2019-010437 // CNNVD: CNNVD-201910-411 // NVD: CVE-2019-0367

SOURCES

db:	VULMON	id:	CVE-2019-0367
db:	JVNDB	id:	JVNDB-2019-010437
db:	CNNVD	id:	CNNVD-201910-411
db:	NVD	id:	CVE-2019-0367

LAST UPDATE DATE

2024-08-14T14:38:43.093000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2019-0367	date:	2019-10-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-010437	date:	2019-10-15T00:00:00
db:	CNNVD	id:	CNNVD-201910-411	date:	2019-11-21T00:00:00
db:	NVD	id:	CVE-2019-0367	date:	2019-10-10T15:01:39.617

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2019-0367	date:	2019-10-08T00:00:00
db:	JVNDB	id:	JVNDB-2019-010437	date:	2019-10-15T00:00:00
db:	CNNVD	id:	CNNVD-201910-411	date:	2019-10-08T00:00:00
db:	NVD	id:	CVE-2019-0367	date:	2019-10-08T20:15:10.903