CVE-2019-0301
HIGHSAP Identity Management - Improper Privilege Management via REST Interface Version 2
Title source: llmDescription
Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2784307
Scores
CVSS v3
8.8
EPSS
0.0033
EPSS Percentile
56.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (1)
sap/identity_management
2.0
Published
May 14, 2019
Tracked Since
Feb 18, 2026