CVE-2019-0405
HIGHSAP Enable Now < 1911 - User Enumeration and Information Disclosure
Title source: llmDescription
SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397
Permissions Required, Vendor Advisory x_refsource_confirm
https://launchpad.support.sap.com/#/notes/2845183
Scores
CVSS v3
7.5
EPSS
0.0028
EPSS Percentile
51.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
sap/enable_now
< 1911
Published
Dec 11, 2019
Tracked Since
Feb 18, 2026