CVE-2019-0301

EUVD-2019-1074
Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
Affected Products (NVD)
VendorProductVersion
sapidentity_management
2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://launchpad.support.sap.com/#/notes/2784307
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032
https://launchpad.support.sap.com/#/notes/2784307
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032