Lucene search

[email protected]CVE-2019-0349

HistoryAug 14, 2019 - 3:15 p.m.

CVE-2019-0349

2019-08-1415:15:12

CWE-862

[email protected]

web.nvd.nist.gov

sap

kernel

abap debugger

authorization

nvd

cve-2019-0349

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.9%

JSON

SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77, allows a user to execute “Go to statement” without possessing the authorization S_DEVELOP DEBUG 02, resulting in Missing Authorization Check

Affected configurations

NVD

Node

sapadvanced_business_application_programming_platform_kernelMatch7.21

sapadvanced_business_application_programming_platform_kernelMatch7.21ext

sapadvanced_business_application_programming_platform_kernelMatch7.22

sapadvanced_business_application_programming_platform_kernelMatch7.22ext

sapadvanced_business_application_programming_platform_kernelMatch7.49

sapadvanced_business_application_programming_platform_kernelMatch7.53

sapadvanced_business_application_programming_platform_kernelMatch7.73

sapadvanced_business_application_programming_platform_kernelMatch7.75

sapadvanced_business_application_programming_platform_kernelMatch7.76

sapadvanced_business_application_programming_platform_kernelMatch7.77

CPENameOperatorVersion
sap:advanced_business_application_programming_platform_kernelsap advanced business application programming platform kerneleq7.21
sap:advanced_business_application_programming_platform_kernelsap advanced business application programming platform kerneleq7.21ext
sap:advanced_business_application_programming_platform_kernelsap advanced business application programming platform kerneleq7.22
sap:advanced_business_application_programming_platform_kernelsap advanced business application programming platform kerneleq7.22ext
sap:advanced_business_application_programming_platform_kernelsap advanced business application programming platform kerneleq7.49
sap:advanced_business_application_programming_platform_kernelsap advanced business application programming platform kerneleq7.53
sap:advanced_business_application_programming_platform_kernelsap advanced business application programming platform kerneleq7.73
sap:advanced_business_application_programming_platform_kernelsap advanced business application programming platform kerneleq7.75
sap:advanced_business_application_programming_platform_kernelsap advanced business application programming platform kerneleq7.76
sap:advanced_business_application_programming_platform_kernelsap advanced business application programming platform kerneleq7.77

CPE	Name	Operator	Version
sap:advanced_business_application_programming_platform_kernel	sap advanced business application programming platform kernel	eq	7.21
sap:advanced_business_application_programming_platform_kernel	sap advanced business application programming platform kernel	eq	7.21ext
sap:advanced_business_application_programming_platform_kernel	sap advanced business application programming platform kernel	eq	7.22
sap:advanced_business_application_programming_platform_kernel	sap advanced business application programming platform kernel	eq	7.22ext
sap:advanced_business_application_programming_platform_kernel	sap advanced business application programming platform kernel	eq	7.49
sap:advanced_business_application_programming_platform_kernel	sap advanced business application programming platform kernel	eq	7.53
sap:advanced_business_application_programming_platform_kernel	sap advanced business application programming platform kernel	eq	7.73
sap:advanced_business_application_programming_platform_kernel	sap advanced business application programming platform kernel	eq	7.75
sap:advanced_business_application_programming_platform_kernel	sap advanced business application programming platform kernel	eq	7.76
sap:advanced_business_application_programming_platform_kernel	sap advanced business application programming platform kernel	eq	7.77

CNA Affected

[
  {
    "product": "SAP Kernel (KRNL32NUC)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 7.21"
      },
      {
        "status": "affected",
        "version": "< 7.21EXT"
      },
      {
        "status": "affected",
        "version": "< 7.22"
      },
      {
        "status": "affected",
        "version": "< 7.22EXT"
      }
    ]
  },
  {
    "product": "SAP Kernel (KRNL32UC)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 7.21"
      },
      {
        "status": "affected",
        "version": "< 7.21EXT"
      },
      {
        "status": "affected",
        "version": "< 7.22"
      },
      {
        "status": "affected",
        "version": "< 7.22EXT"
      }
    ]
  },
  {
    "product": "SAP Kernel (KRNL64NUC)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 7.21"
      },
      {
        "status": "affected",
        "version": "< 7.21EXT"
      },
      {
        "status": "affected",
        "version": "< 7.22"
      },
      {
        "status": "affected",
        "version": "< 7.22EXT"
      },
      {
        "status": "affected",
        "version": "< 7.49"
      }
    ]
  },
  {
    "product": "SAP Kernel (KRNL64UC)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 7.21"
      },
      {
        "status": "affected",
        "version": "< 7.21EXT"
      },
      {
        "status": "affected",
        "version": "< 7.22"
      },
      {
        "status": "affected",
        "version": "< 7.22EXT"
      },
      {
        "status": "affected",
        "version": "< 7.49"
      },
      {
        "status": "affected",
        "version": "< 7.73"
      }
    ]
  },
  {
    "product": "SAP Kernel (KERNEL)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 7.21"
      },
      {
        "status": "affected",
        "version": "< 7.49"
      },
      {
        "status": "affected",
        "version": "< 7.53"
      },
      {
        "status": "affected",
        "version": "< 7.73"
      },
      {
        "status": "affected",
        "version": "< 7.75"
      },
      {
        "status": "affected",
        "version": "< 7.76"
      },
      {
        "status": "affected",
        "version": "< 7.77"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/2798743

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.9%

JSON

Related for CVE-2019-0349

prion1 nvd1 cvelist1