CVE-2019-0278

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Process Integration (Messaging System) versions prior to 7.10 SAP NetWeaver Process Integration (Messaging System) versions 7.10 to 7.11 SAP NetWeaver Process Integration (Messaging System) version 7.20 SAP NetWeaver Process Integration (Messaging System) version 7.30 SAP NetWeaver Process Integration (Messaging System) version 7.31 SAP NetWeaver Process Integration (Messaging System) version 7.40 SAP NetWeaver Process Integration (Messaging System) version 7.50

Description: The issue allows an attacker to see the names of database tables used by the application under certain conditions, leading to information disclosure. This occurs in the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System).

Recommendations: For SAP NetWeaver Process Integration (Messaging System) versions prior to 7.10, update to version 7.10 or later. For SAP NetWeaver Process Integration (Messaging System) versions 7.10 to 7.11, update to version 7.20 or later. For SAP NetWeaver Process Integration (Messaging System) version 7.20, update to version 7.30 or later. For SAP NetWeaver Process Integration (Messaging System) version 7.30, update to version 7.31 or later. For SAP NetWeaver Process Integration (Messaging System) version 7.31, update to version 7.40 or later. For SAP NetWeaver Process Integration (Messaging System) version 7.40, update to version 7.50 or later. For SAP NetWeaver Process Integration (Messaging System) version 7.50, no specific fix is provided, consider updating to a later version if available.