CVE-2019-0312

Several web pages provided SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50) are not password protected. An attacker could access landscape information like host names, ports or other technical data in the absence of restrictive firewall and port settings.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
sapCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
sapnetweaver_process_integration
7.10
sapnetweaver_process_integration
7.11
sapnetweaver_process_integration
7.20
sapnetweaver_process_integration
7.30
sapnetweaver_process_integration
7.31
sapnetweaver_process_integration
7.40
sapnetweaver_process_integration
7.50
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://launchpad.support.sap.com/#/notes/2744086
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242
https://launchpad.support.sap.com/#/notes/2744086
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242