CVE-2019-0389
HIGHSAP NetWeaver Application Server Java - Privilege Escalation
Title source: llmDescription
An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise.
References (2)
Core 2
Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2814357
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390
Scores
CVSS v3
8.8
EPSS
0.0043
EPSS Percentile
63.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (6)
sap/netweaver_application_server_java
7.1
sap/netweaver_application_server_java
7.2
sap/netweaver_application_server_java
7.3
sap/netweaver_application_server_java
7.4
sap/netweaver_application_server_java
7.5
sap/netweaver_application_server_java
7.31
Published
Nov 13, 2019
Tracked Since
Feb 18, 2026