| |
Vulnerability CVE-2019-0389
Published: 2019-11-13 Modified: 2019-11-14
Description: |
An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise. |
Type:
CWE-269 (Improper Privilege Management)
CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
6.5/10 |
6.4/10 |
8/10 |
Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
https://launchpad.support.sap.com/#/notes/2814357
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390
|
|
|
Copyright 2024, cxsecurity.com
|
|
|