CVE-2019-0255
HIGH
SAP NetWeaver AS ABAP Platform Kernel 7.73-7.75 - Privilege Escalation via Improper Installation Type Validation
Title source: llmDescription
SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to correctly validate the type of installation for an ABAP Server system. This behavior may lead to a situation where a business user gains access to the full SAP Menu, that is, the 'Easy Access Menu'. The situation can be misused by any user to leverage privileges to business functionality.
References (3)
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2723570
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106987
Scores
CVSS v3
8.1
EPSS
0.0032
EPSS Percentile
55.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (6)
sap/advanced_business_application_programming_platform_kernel
7.73
sap/advanced_business_application_programming_platform_kernel
7.74
sap/advanced_business_application_programming_platform_kernel
7.75
sap/advanced_business_application_programming_platform_krnl64nuc
7.74
sap/advanced_business_application_programming_platform_krnl64uc
7.73
sap/advanced_business_application_programming_platform_krnl64uc
7.74
Published
Feb 15, 2019
Tracked Since
Feb 18, 2026