Information Disclosure Vulnerability in SAP Gateway for ABAP Application Server
CVE-2019-0248

5.9MEDIUM

Key Information:

Vendor
SAP
Status
SAP Gateway Of Abap Application Server(SAP Gwfnd)
SAP Gateway Of Abap Application Server(SAP Basis)
Vendor
CVE Published:
8 January 2019

Summary

The SAP Gateway of ABAP Application Server is vulnerable to an information disclosure issue that may permit unauthorized parties to access sensitive data under specific conditions. This vulnerability stems from improper restrictions, allowing attackers to gain access to information that should be protected. It is crucial for users of SAP software to apply the necessary patches provided in SAP_GWFND versions 7.5, 7.51, 7.52, and 7.53, as well as SAP_BASIS 7.5 to mitigate this risk.

Affected Version(s)

SAP Gateway of ABAP Application Server(SAP_BASIS) < 7.5

SAP Gateway of ABAP Application Server(SAP_GWFND) < 7.5 < 7.5

SAP Gateway of ABAP Application Server(SAP_GWFND) < 7.51 < 7.51

References

http://www.securityfocus.com/bid/106471
vdb-entryx_refsource_BID
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/2723142
x_refsource_MISC

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.