CVE-2019-0270

HIGH

SAP ABAP Server and ABAP Platform - Missing Authorization

Title source: llm

Description

ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04.

References (3)

Core References
Third Party Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/107377
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2727689

Scores

CVSS v3 8.8
EPSS 0.0043
EPSS Percentile 63.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-862
Status published
Products (29)
sap/advanced_business_application_programming_platform_kernel 7.15
sap/advanced_business_application_programming_platform_kernel 7.21
sap/advanced_business_application_programming_platform_kernel 7.22
sap/advanced_business_application_programming_platform_kernel 7.49
sap/advanced_business_application_programming_platform_kernel 7.53
sap/advanced_business_application_programming_platform_kernel 7.73
sap/advanced_business_application_programming_platform_kernel 7.74
sap/advanced_business_application_programming_platform_kernel 7.75
sap/advanced_business_application_programming_platform_kernel 8.04
sap/advanced_business_application_programming_platform_krnl32nuc 7.21
... and 19 more
Published Mar 12, 2019
Tracked Since Feb 18, 2026