OS Command Execution Vulnerability in SAP NetWeaver Process Integration
CVE-2019-0328

7.2HIGH

Key Information:

Vendor

SAP
Status
SAP Netweaver Process Integration Abap Tests (SAP Basis)
Vendor
CVE Published:
10 July 2019

What is CVE-2019-0328?

The ABAP Tests Modules in SAP Basis versions 7.0 through 7.5 within SAP NetWeaver Process Integration allow an attacker to execute operating system commands with elevated privileges. This vulnerable state can lead to significant risks to system integrity and availability, making it imperative for organizations using these versions to apply the necessary security updates and patches.

Affected Version(s)

SAP NetWeaver Process Integration ABAP tests (SAP Basis) < 7.0 < 7.0

SAP NetWeaver Process Integration ABAP tests (SAP Basis) < 7.1 < 7.1

SAP NetWeaver Process Integration ABAP tests (SAP Basis) < 7.3 < 7.3

References

http://www.securityfocus.com/bid/109067
vdb-entryx_refsource_BID
https://launchpad.support.sap.com/#/notes/2774489
x_refsource_MISC
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.