CVE-2019-0278

Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
sapCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
sapnetweaver_process_integration
7.10
sapnetweaver_process_integration
7.11
sapnetweaver_process_integration
7.20
sapnetweaver_process_integration
7.30
sapnetweaver_process_integration
7.31
sapnetweaver_process_integration
7.40
sapnetweaver_process_integration
7.50
𝑥
= Vulnerable software versions
References
https://launchpad.support.sap.com/#/notes/2741201
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114
https://launchpad.support.sap.com/#/notes/2741201
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114