SAP BASIS Privilege Escalation Vulnerability Affecting Various Versions
CVE-2019-0279
8.8 HIGH
Summary
In SAP BASIS, certain ABAP function modules such as INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST lack comprehensive authorization checks under specific conditions. This oversight can lead to unauthorized privilege escalation for authenticated users, potentially compromising system integrity. It is crucial for users of affected SAP BASIS versions to apply the necessary patches provided by SAP to mitigate these vulnerabilities.
Affected Version(s)
SAP BASIS from 7.00 to 7.02
SAP BASIS from 7.10 to 7.30
SAP BASIS < 7.31
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved