Vulnerability CVE-2019-0261


Published: 2019-02-15

Description:
Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack)).

Type:

CWE-287

(Improper Authentication)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
SAP -> Landscape management 

 References:
http://www.securityfocus.com/bid/106986
https://launchpad.support.sap.com/#/notes/2742027
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943

Copyright 2020, cxsecurity.com

 

Back to Top