PT-2019-2032 · Sap · Sap Netweaver+1
Publicado
2019-02-12
·
Atualizado
2020-08-24
·
CVE-2019-0270
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver and ABAP Platform versions prior to KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT
SAP NetWeaver and ABAP Platform versions prior to KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT
SAP NetWeaver and ABAP Platform versions prior to KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74
SAP NetWeaver and ABAP Platform versions prior to KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04
SAP NetWeaver and ABAP Platform versions prior to KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04
Description
The ABAP Server of SAP NetWeaver and ABAP Platform fails to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue is related to insufficient access control.
Recommendations
Update to KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT or later.
Update to KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT or later.
Update to KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74 or later.
Update to KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04 or later.
Update to KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04 or later.
Correção
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Abap Platform
Sap Netweaver