CVE-2019-0282

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Process Integration (Runtime Workbench) versions prior to 7.10 SAP NetWeaver Process Integration (Runtime Workbench) versions 7.10 to 7.11 SAP NetWeaver Process Integration (Runtime Workbench) version 7.30 SAP NetWeaver Process Integration (Runtime Workbench) version 7.31 SAP NetWeaver Process Integration (Runtime Workbench) version 7.40 SAP NetWeaver Process Integration (Runtime Workbench) version 7.50

Description: The issue allows several web pages to be accessed without user authentication, potentially exposing internal data such as release information, Java package names, and Java object names, which could be misused by an attacker.

Recommendations: For SAP NetWeaver Process Integration (Runtime Workbench) versions prior to 7.10, update to version 7.10 or later. For SAP NetWeaver Process Integration (Runtime Workbench) versions 7.10 to 7.11, update to version 7.30 or later. For SAP NetWeaver Process Integration (Runtime Workbench) version 7.30, update to version 7.31 or later. For SAP NetWeaver Process Integration (Runtime Workbench) version 7.31, update to version 7.40 or later. For SAP NetWeaver Process Integration (Runtime Workbench) version 7.40, update to version 7.50 or later. For SAP NetWeaver Process Integration (Runtime Workbench) version 7.50, ensure that user authentication is properly configured to prevent unauthorized access to internal data.