Vulnerability CVE-2019-0389


Published: 2019-11-13   Modified: 2019-11-14

Description:
An administrator of SAP NetWeaver Application Server Java (J2EE-Framework) (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5) may change privileges for all or some functions in Java Server and enable users to execute functions they are not otherwise allowed to execute.

Type: CWE-269 (Improper Privilege Management)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score: 6.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
https://launchpad.support.sap.com/#/notes/2814357
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390

Copyright 2019, cxsecurity.com

 
