| |
Vulnerability CVE-2019-0301
Published: 2019-05-14
| Description: |
Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing. |
Type:
CWE-264 (Permissions, Privileges, and Access Controls)
CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
6.5/10 |
6.4/10 |
8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
https://launchpad.support.sap.com/#/notes/2784307
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
