Privilege Escalation in SAP NetWeaver Application Server Java
CVE-2019-0389

8.8 HIGH

Key Information:

Vendor: SAP
CVE Published: 13 November 2019

Summary

A privilege escalation vulnerability exists in the SAP NetWeaver Application Server Java, where an administrator can inadvertently change privileges for all or specific functions within the Java Server framework. This can lead to unauthorized users gaining access to execute critical functions that they would otherwise be restricted from performing, posing significant security risks.

Affected Version(s)

SAP NetWeaver Application Server Java (J2EE-Framework) < 7.1

SAP NetWeaver Application Server Java (J2EE-Framework) < 7.2

SAP NetWeaver Application Server Java (J2EE-Framework) < 7.3

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
