CVE-2019-0278

EUVD-2019-1051
Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Affected Products (NVD)
VendorProductVersion
sapnetweaver_process_integration
7.10
sapnetweaver_process_integration
7.11
sapnetweaver_process_integration
7.20
sapnetweaver_process_integration
7.30
sapnetweaver_process_integration
7.31
sapnetweaver_process_integration
7.40
sapnetweaver_process_integration
7.50
𝑥
= Vulnerable software versions
References
https://launchpad.support.sap.com/#/notes/2741201
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114
https://launchpad.support.sap.com/#/notes/2741201
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114