CVE-2019-0304

CRITICAL

SAP NetWeaver AS ABAP Platform - Remote Code Execution via FTP Function

Title source: llm

Description

FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application.

References (2)

Core 2

Core References

Permissions Required, Vendor Advisory x_refsource_misc

https://launchpad.support.sap.com/#/notes/2719530

Vendor Advisory x_refsource_misc

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242

Scores

CVSS v3 9.8

EPSS 0.0050

EPSS Percentile 66.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-74

Status published

Products (24)

sap/advanced_business_application_programming_platform_kernel 7.21

sap/advanced_business_application_programming_platform_kernel 7.45

sap/advanced_business_application_programming_platform_kernel 7.49

sap/advanced_business_application_programming_platform_kernel 7.53

sap/advanced_business_application_programming_platform_kernel 7.73

sap/advanced_business_application_programming_platform_krnl32nuc 7.21

sap/advanced_business_application_programming_platform_krnl32nuc 7.21ext

sap/advanced_business_application_programming_platform_krnl32nuc 7.22

sap/advanced_business_application_programming_platform_krnl32nuc 7.22ext

sap/advanced_business_application_programming_platform_krnl32uc 7.21

... and 14 more

Published Jun 12, 2019

Tracked Since Feb 18, 2026