Privilege Escalation Vulnerability in SAP Solution Manager by SAP
CVE-2019-0293

6.5MEDIUM

Key Information:

Vendor
SAP
Status
SAP Solution Manager System (st-pi)
Vendor
CVE Published:
14 May 2019

Summary

This vulnerability involves a flaw in the authorization checks for Remote Function Call (RFC) destinations in managed systems. If exploited, it allows an unauthorized user to gain elevated privileges, thereby accessing sensitive information on RFC destinations. The issue affects certain versions of the SAP Solution Manager ST-PI components, potentially allowing attackers to manipulate system configurations and sensitive data.

Affected Version(s)

SAP Solution Manager system (ST-PI) < 2008_1_700 < 2008_1_700

SAP Solution Manager system (ST-PI) < 2008_1_710 < 2008_1_710

SAP Solution Manager system (ST-PI) < 7.4 < 7.4

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/2756625
x_refsource_MISC
http://www.securityfocus.com/bid/108324
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.