ID CVE-2019-0270
Summary ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04.
References
Vulnerable Configurations
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.15:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.21:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.22:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.49:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.53:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.73:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.74:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.75:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:8.04:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.21:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.21ext:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.22:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.22ext:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.21:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.21ext:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.22:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.22ext:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.21:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.21ext:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.22:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.22ext:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.21:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.21ext:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.22:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.22ext:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.49:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.73:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.74:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:8.04:*:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: SINGLE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
refmap via4
bid 107377
misc
Last major update 24-08-2020 - 17:37
Published 12-03-2019 - 22:29
Last modified 24-08-2020 - 17:37