CVE-2019-0355
HIGH
SAP NetWeaver Application Server Java Web Container < 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 - Code Injection
SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application.
References (2)
Core References
Third Party Advisory x_refsource_confirm
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506
Permissions Required, Third Party Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2798336
Scores
CVSS v3
7.2
EPSS
0.0045
EPSS Percentile
63.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (6)
sap/netweaver_application_server_java
7.10
sap/netweaver_application_server_java
7.20
sap/netweaver_application_server_java
7.30
sap/netweaver_application_server_java
7.31
sap/netweaver_application_server_java
7.40
sap/netweaver_application_server_java
7.50
Published
Sep 10, 2019
Tracked Since
Feb 18, 2026