CVE-2019-0381

5.5MEDIUM

Key Information:

Vendor: SAP
Status: SAP Iq; SAP Sql Anywhere; SAP Dynamic Tiering
Vendor: CVE Published:; 8 October 2019

Summary

A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user.

Affected Version(s)

SAP Dynamic Tiering < 1.0 < 1.0

SAP Dynamic Tiering < 2.0 < 2.0

SAP IQ < 16.1

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_CONFIRM

https://launchpad.support.sap.com/#/notes/2792430

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 8, 2019
Vulnerability Reserved
Nov 26, 2018