XSRF Vulnerability in SAP Manufacturing Integration and Intelligence
CVE-2019-0267

8.8HIGH

Key Information:

Vendor

SAP
Status
SAP Manufacturing Integration And Intelligence
Vendor
CVE Published:
15 February 2019

What is CVE-2019-0267?

The SAP Manufacturing Integration and Intelligence software, specifically versions 15.0, 15.1, and 15.2, is vulnerable due to the absence of Anti-XSRF tokens in the Illuminator Servlet. This lack of protection can enable attackers to execute unauthorized commands by sending malicious requests from an external application, potentially leading to data manipulation or leakage. Organizations using these versions must implement mitigations to safeguard against possible exploitation through XSRF attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP Manufacturing Integration and Intelligence < 15.0 < 15.0

SAP Manufacturing Integration and Intelligence < 15.1 < 15.1

SAP Manufacturing Integration and Intelligence < 15.2 < 15.2

References

http://www.securityfocus.com/bid/106990
vdb-entryx_refsource_BID
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/2686535
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.