CVE-2019-0255
Published Feb 15, 2019
Last updated 6 years ago
Overview
- Description
- SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'Easy Access Menu'. The situation can be misused by any user to leverage privileges to business functionality.
- Source
- cna@sap.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5.5
- Impact score
- 4.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-20
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.73:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46C2954E-3626-4DC7-85CA-241B9E826337"
},
{
"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.74:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F72516A7-737D-407D-A483-E577993868FA"
},
{
"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.75.:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "167F9908-D675-49CA-8983-279E12B5FB11"
},
{
"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.74:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68AE511D-175D-4076-8A6F-D988A0799095"
},
{
"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.73:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "80296DDD-A3B9-4A7F-B831-DC064A85CE38"
},
{
"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.74:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9DFDC7BE-4A75-4C80-8A5C-79699062DB43"
}
],
"operator": "OR"
}
]
}
]