| Vulnerability Name: | CVE-2019-0278 (CCN-160749) | ||||||||||||
| Assigned: | 2018-11-26 | ||||||||||||
| Published: | 2019-04-09 | ||||||||||||
| Updated: | 2020-08-24 | ||||||||||||
| Summary: | Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure. | ||||||||||||
| CVSS v3 Severity: | 4.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) 3.8 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-noinfo | ||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2019-0278 Source: XF Type: UNKNOWN sap-cve20190278-info-disc(160749) Source: CCN Type: SAP Web site SAP Support Note 2741201 Source: CONFIRM Type: Permissions Required, Vendor Advisory https://launchpad.support.sap.com/#/notes/2741201 Source: CCN Type: SAP Security Patch Day April 2019 SAP Security Patch Day April 2019 Source: CONFIRM Type: Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||