CVE-2019-0293
Published May 14, 2019
Last updated 4 years ago
Overview
- Description
- Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740).
- Source
- cna@sap.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-862
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:sap_solution_manager_system:2008_1_700:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9B2DACCF-66D4-44C5-B495-0B7755BA9302"
},
{
"criteria": "cpe:2.3:a:sap:sap_solution_manager_system:2008_1_710:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2AC51B76-E8B0-4D33-B4EF-EA1E4197ECDB"
},
{
"criteria": "cpe:2.3:a:sap:sap_solution_manager_system:2008_1_740:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E5E7D4CD-A31E-4DB7-BC58-95292BBD0560"
}
],
"operator": "OR"
}
]
}
]