Vulnerability CVE-2019-0265


Published: 2019-02-15

Description:
SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75.

Type:

CWE-611

(Information Exposure Through XML External Entity Reference)

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
SAP -> Advanced business application programming platform kernel 
SAP -> Advanced business application programming platform krnl32nuc 
SAP -> Advanced business application programming platform krnl32uc 
SAP -> Advanced business application programming platform krnl64nuc 
SAP -> Advanced business application programming platform krnl64uc 

 References:
http://www.securityfocus.com/bid/106972
http://www.securityfocus.com/bid/107364
https://launchpad.support.sap.com/#/notes/2729710
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943

Copyright 2020, cxsecurity.com

 

Back to Top