Vulnerability Name: CVE-2019-0393 (CCN-171542)
Assigned: 2018-11-26
Published: 2019-11-12
Updated: 2019-11-15
Summary: An SQL Injection vulnerability in SAP Quality Management (corrected in S4CORE versions 1.0, 1.01, 1.02, 1.03) allows an attacker to carry out targeted database queries that can read individual fields of historical inspection results.
CVSS v3 Severity:
  4.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
  4.1 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C)
  5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:H/RL:O/RC:C)
CVSS v2 Severity: 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
Vulnerability Type: CWE-89
Vulnerability Consequences: Data Manipulation
References:
  Source: MITRE; Type: CNA; CVE-2019-0393
  Source: XF; Type: UNKNOWN; sap-cve20190393-sql-injection(171542)
  Source: CCN; Type: SAP Web site; SAP Support Note 2816035
  Source: MISC; Type: Permissions Required, Vendor Advisory; https://launchpad.support.sap.com/#/notes/2816035
  Source: CCN; Type: SAP Security Patch Day - November 2019; SAP Security Patch Day - November 2019
  Source: MISC; Type: Vendor Advisory; https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390
Vulnerable Configuration: Configuration 1: