Vulnerability CVE-2019-0389
Published: 2019-11-13   Modified: 2019-11-14

Description:
An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise.

Type:

CWE-269

 (Improper Privilege Management)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
SAP -> Netweaver application server java 

 References:
https://launchpad.support.sap.com/#/notes/2814357
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390
Copyright 2024, cxsecurity.com

 

Back to Top