XSRF Vulnerability in SAP Manufacturing Integration and Intelligence
CVE-2019-0267

8.8 HIGH

Key Information:

Vendor: SAP
CVE Published: 15 February 2019

Summary

The SAP Manufacturing Integration and Intelligence software, specifically versions 15.0, 15.1, and 15.2, is vulnerable due to the absence of Anti-XSRF tokens in the Illuminator Servlet. This lack of protection can enable attackers to execute unauthorized commands by sending malicious requests from an external application, potentially leading to data manipulation or leakage. Organizations using these versions must implement mitigations to safeguard against possible exploitation through XSRF attacks.

Affected Version(s)

SAP Manufacturing Integration and Intelligence < 15.0

SAP Manufacturing Integration and Intelligence < 15.1

SAP Manufacturing Integration and Intelligence < 15.2

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
