Privilege Escalation Vulnerability in SAP NetWeaver AS ABAP Platform
CVE-2019-0257

8.8HIGH

Key Information:

Vendor: SAP
Status: Abap Platform(SAP Basis)
Vendor: CVE Published:; 15 February 2019

🔔 Create SAP Vulnerability Alert

What is CVE-2019-0257?

A vulnerability exists in SAP NetWeaver AS ABAP Platform due to insufficient authorization checks when customizing functionalities. An authenticated user can exploit this issue to gain elevated privileges, potentially compromising sensitive areas of the application. This flaw impacts a range of versions and requires timely updates to ensure that proper authorization mechanisms are enforced.

Affected Version(s)

ABAP Platform(SAP Basis) < from 7.0 to 7.02 < from 7.0 to 7.02

ABAP Platform(SAP Basis) < from 7.10 to 7.11 < from 7.10 to 7.11

ABAP Platform(SAP Basis) < 7.30 < 7.30

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2728839

x_refsource_MISC

http://www.securityfocus.com/bid/106999

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 15, 2019
Vulnerability Reserved
Nov 26, 2018

.