CVE-2019-0389

EUVD-2019-1162
An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
Affected Products (NVD)
VendorProductVersion
sapnetweaver_application_server_java
7.1
sapnetweaver_application_server_java
7.2
sapnetweaver_application_server_java
7.3
sapnetweaver_application_server_java
7.4
sapnetweaver_application_server_java
7.5
sapnetweaver_application_server_java
7.31
𝑥
= Vulnerable software versions
References
https://launchpad.support.sap.com/#/notes/2814357
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390
https://launchpad.support.sap.com/#/notes/2814357
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390