Privilege Escalation in SAP NetWeaver Application Server Java
CVE-2019-0389
8.8 HIGH
Key Information:
- Vendor: SAP
- CVE Published: 13 November 2019
Summary
A privilege escalation vulnerability exists in the SAP NetWeaver Application Server Java, where an administrator can inadvertently change privileges for all or specific functions within the Java Server framework. This can lead to unauthorized users gaining access to execute critical functions that they would otherwise be restricted from performing, posing significant security risks.
Affected Version(s)
SAP NetWeaver Application Server Java (J2EE-Framework) < 7.1
SAP NetWeaver Application Server Java (J2EE-Framework) < 7.2
SAP NetWeaver Application Server Java (J2EE-Framework) < 7.3
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved