CVE-2019-0257
HIGH
SAP NetWeaver Application Server ABAP < 7.02 - Missing Authorization
Title source: ruleDescription
Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
References (3)
Broken Link, Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2728839
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106999
Scores
CVSS v3
8.8
EPSS
0.0047
EPSS Percentile
64.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-862
Status
published
Products (5)
sap/netweaver_application_server_abap
7.30
sap/netweaver_application_server_abap
7.31
sap/netweaver_application_server_abap
7.40
sap/netweaver_application_server_abap
7.0 - 7.02
sap/netweaver_as_abap
7.10 - 7.11
Published
Feb 15, 2019
Tracked Since
Feb 18, 2026