PT-2018-3341 · Sap · Sap Identity Management

Published: 2018-11-26 · Updated: 2020-08-24 · CVE-2019-0301

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SAP Identity Management versions with REST Interface Version 2 (affected versions not specified)
Description: The issue is related to insufficient access control in the SAP Identity Management REST Interface Version 2. Under certain conditions, it allows requesting the modification of role or privilege assignments, which would otherwise be restricted to viewing only. This could potentially enable a remote attacker to elevate their privileges.
Recommendations: For SAP Identity Management with REST Interface Version 2, restrict access to the REST interface to minimize the risk of exploitation. As a temporary workaround, consider disabling the modification of role or privilege assignments through the REST Interface Version 2 until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management


Weakness Enumeration

Related Identifiers

BDU:2020-00103
CVE-2019-0301

Affected Products

Sap Identity Management