Remote Code Execution Vulnerability in SAP NetWeaver UDDI Server
CVE-2019-0351

8.8HIGH

Key Information:

Vendor: SAP
Status: SAP Netweaver Uddi Server (services Registry)
Vendor: CVE Published:; 14 August 2019

What is CVE-2019-0351?

A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server, allowing attackers to exploit the Services Registry. By injecting malicious code into the server's working memory, attackers can gain unauthorized access and potentially take full control of the application. This could result in the ability to view, modify, or delete sensitive data. Additionally, this exploitation may cause the application to crash, leading to service disruption and loss of functionality.

Affected Version(s)

SAP NetWeaver UDDI Server (Services Registry) < 7.10 < 7.10

SAP NetWeaver UDDI Server (Services Registry) < 7.20 < 7.20

SAP NetWeaver UDDI Server (Services Registry) < 7.30 < 7.30

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2800779

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 14, 2019
Vulnerability Reserved
Nov 26, 2018