CVE-2019-0403

CRITICAL

SAP Enable Now < 1911 - Command Injection

Title source: rule

Description

SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.

References (2)

[Vendor Advisory] https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397

[Permissions Required, Vendor Advisory] https://launchpad.support.sap.com/#/notes/2845183

Scores

CVSS v3 9.8

EPSS 0.0569

EPSS Percentile 90.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-1236

Status published

Products (1)

sap/enable_now < 1911

Published Dec 11, 2019

Tracked Since Feb 18, 2026