CVE-2019-0391

MEDIUM

SAP NetWeaver AS Java <7.10-7.50 - Info Disclosure

Title source: llm
STIX 2.1

Description

Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted.

References (2)

Core 2
Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2835226

Scores

CVSS v3 4.3
EPSS 0.0089
EPSS Percentile 55.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

Status published
Products (6)
sap/netweaver_application_server_java 7.10
sap/netweaver_application_server_java 7.20
sap/netweaver_application_server_java 7.30
sap/netweaver_application_server_java 7.31
sap/netweaver_application_server_java 7.40
sap/netweaver_application_server_java 7.50
Published Nov 13, 2019
Tracked Since Feb 18, 2026