CVE-2019-0270

ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
sapCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
sapadvanced_business_application_programming_platform_kernel
7.15
sapadvanced_business_application_programming_platform_kernel
7.21
sapadvanced_business_application_programming_platform_kernel
7.22
sapadvanced_business_application_programming_platform_kernel
7.49
sapadvanced_business_application_programming_platform_kernel
7.53
sapadvanced_business_application_programming_platform_kernel
7.73
sapadvanced_business_application_programming_platform_kernel
7.74
sapadvanced_business_application_programming_platform_kernel
7.75
sapadvanced_business_application_programming_platform_kernel
8.04
sapadvanced_business_application_programming_platform_krnl32nuc
7.21
sapadvanced_business_application_programming_platform_krnl32nuc
7.21ext:ext
sapadvanced_business_application_programming_platform_krnl32nuc
7.22
sapadvanced_business_application_programming_platform_krnl32nuc
7.22ext:ext
sapadvanced_business_application_programming_platform_krnl32uc
7.21
sapadvanced_business_application_programming_platform_krnl32uc
7.21ext:ext
sapadvanced_business_application_programming_platform_krnl32uc
7.22
sapadvanced_business_application_programming_platform_krnl32uc
7.22ext:ext
sapadvanced_business_application_programming_platform_krnl64nuc
7.21
sapadvanced_business_application_programming_platform_krnl64nuc
7.21ext:ext
sapadvanced_business_application_programming_platform_krnl64nuc
7.22
sapadvanced_business_application_programming_platform_krnl64nuc
7.22ext:ext
sapadvanced_business_application_programming_platform_krnl64uc
7.21
sapadvanced_business_application_programming_platform_krnl64uc
7.21ext:ext
sapadvanced_business_application_programming_platform_krnl64uc
7.22
sapadvanced_business_application_programming_platform_krnl64uc
7.22ext:ext
sapadvanced_business_application_programming_platform_krnl64uc
7.49
sapadvanced_business_application_programming_platform_krnl64uc
7.73
sapadvanced_business_application_programming_platform_krnl64uc
7.74
sapadvanced_business_application_programming_platform_krnl64uc
8.04
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/107377
https://launchpad.support.sap.com/#/notes/2727689
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080
http://www.securityfocus.com/bid/107377
https://launchpad.support.sap.com/#/notes/2727689
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080