CVE-2019-0363

EUVD-2019-1136
Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload the server or retrieve information about internal network ports.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
saphana_extended_application_services
𝑥
< 1.0.118
𝑥
= Vulnerable software versions
References
https://launchpad.support.sap.com/#/notes/2817491
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506
https://launchpad.support.sap.com/#/notes/2817491
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506