Vulnerability CVE-2019-0255


Published: 2019-02-15   Modified: 2019-02-16

Description:
SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to correctly validate the type of installation for an ABAP Server system. This may lead to a situation where a business user gains access to the full SAP Menu, that is, the 'Easy Access Menu'. Any user can misuse this situation to leverage privileges to business functionality.

Type: CWE-20 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:N)

CVSS Base Score: 5.5/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

Affected software:
SAP -> Advanced business application programming platform kernel 
SAP -> Advanced business application programming platform krnl64nuc 
SAP -> Advanced business application programming platform krnl64uc 

References:
http://www.securityfocus.com/bid/106987
https://launchpad.support.sap.com/#/notes/2723570
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943

Copyright 2024, cxsecurity.com
