CVE-2019-0278

MEDIUM

SAP NetWeaver Process Integration - Information Disclosure via Monitoring Servlet

Title source: llm

Description

Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure.

References (2)

Core 2

Core References

Permissions Required, Vendor Advisory x_refsource_confirm

https://launchpad.support.sap.com/#/notes/2741201

Vendor Advisory x_refsource_confirm

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114

Scores

CVSS v3 4.3

EPSS 0.0020

EPSS Percentile 41.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

Status published

Products (7)

sap/netweaver_process_integration 7.10

sap/netweaver_process_integration 7.11

sap/netweaver_process_integration 7.20

sap/netweaver_process_integration 7.30

sap/netweaver_process_integration 7.31

sap/netweaver_process_integration 7.40

sap/netweaver_process_integration 7.50

Published Apr 10, 2019

Tracked Since Feb 18, 2026