CVE-2019-0351

Name of the Vulnerable Software and Affected Versions SAP NetWeaver UDDI Server (Services Registry) versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50

Description A remote code execution issue exists, allowing an attacker to potentially take complete control of the product by injecting code into the working memory, which is then executed by the application. This can enable the attacker to view, change, or delete data. The vulnerability can also cause a general fault in the product, leading to its termination. The issue is caused by a buffer overflow in memory, which can be exploited by a remote attacker to execute arbitrary code or cause a denial of service.

Recommendations For versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, consider disabling the Services Registry component until a patch is available to prevent potential exploitation. Restrict access to the UDDI Server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.