CVE-2019-0349

HIGH

SAP Kernel (ABAP Debugger) - Missing Authorization Check for 'Go to statement'

Title source: llm

Description

SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77, allows a user to execute “Go to statement” without possessing the authorization S_DEVELOP DEBUG 02, resulting in Missing Authorization Check

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017

Permissions Required, Vendor Advisory x_refsource_misc

https://launchpad.support.sap.com/#/notes/2798743

Scores

CVSS v3 7.2

EPSS 0.0035

EPSS Percentile 57.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-862

Status published

Products (10)

sap/advanced_business_application_programming_platform_kernel 7.21

sap/advanced_business_application_programming_platform_kernel 7.21ext

sap/advanced_business_application_programming_platform_kernel 7.22

sap/advanced_business_application_programming_platform_kernel 7.22ext

sap/advanced_business_application_programming_platform_kernel 7.49

sap/advanced_business_application_programming_platform_kernel 7.53

sap/advanced_business_application_programming_platform_kernel 7.73

sap/advanced_business_application_programming_platform_kernel 7.75

sap/advanced_business_application_programming_platform_kernel 7.76

sap/advanced_business_application_programming_platform_kernel 7.77

Published Aug 14, 2019

Tracked Since Feb 18, 2026