| Vulnerability Name: | CVE-2019-0328 (CCN-166218) | ||||||||||||
| Assigned: | 2018-11-26 | ||||||||||||
| Published: | 2019-07-09 | ||||||||||||
| Updated: | 2019-07-18 | ||||||||||||
| Summary: | ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system. | ||||||||||||
| CVSS v3 Severity: | 7.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) 6.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
7.6 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-78 | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2019-0328 Source: BID Type: Third Party Advisory, VDB Entry 109067 Source: XF Type: UNKNOWN sap-cve20190328-cmd-exec(166218) Source: CCN Type: SAP Web site SAP Support Note 2774489 Source: MISC Type: Permissions Required, Vendor Advisory https://launchpad.support.sap.com/#/notes/2774489 Source: CCN Type: SAP Security Patch Day - July 2019 SAP Security Patch Day - July 2019 Source: CONFIRM Type: Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||