PT-2019-4391 · Sap · Sap Gui For Java+2
Published: 2019-09-10 · Updated: 2020-08-24
CVE-2019-0365
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
SAP Kernel (RFC), KRNL32NUC, KRNL32UC, and KRNL64NUC versions prior to 7.21, 7.21EXT, 7.22, 7.22EXT
SAP Kernel (RFC), KRNL64UC versions prior to 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73
KERNEL versions prior to 7.21, 7.49, 7.53, 7.73, 7.76
SAP GUI for Windows (BC-FES-GUI) versions prior to 7.5, 7.6
SAP GUI for Java (BC-FES-JAV) versions prior to 7.5
Description
The issue allows an attacker to prevent legitimate users from accessing a service by either crashing or flooding the service. This is due to insufficient input validation in the SAP Kernel. Exploitation of the issue can allow a remote attacker to cause a denial of service.
Recommendations
For SAP Kernel (RFC), KRNL32NUC, KRNL32UC, and KRNL64NUC versions prior to 7.21, 7.21EXT, 7.22, 7.22EXT, update to version 7.21 or later.
For SAP Kernel (RFC), KRNL64UC versions prior to 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, update to version 7.73 or later.
For KERNEL versions prior to 7.21, 7.49, 7.53, 7.73, 7.76, update to version 7.76 or later.
For SAP GUI for Windows (BC-FES-GUI) versions prior to 7.5, 7.6, update to version 7.6 or later.
For SAP GUI for Java (BC-FES-JAV) versions prior to 7.5, update to version 7.5 or later.
Fix
Resource Exhaustion
Weakness Enumeration
Related Identifiers
Affected Products
Sap Gui For Java
Sap Gui For Windows
Sap Kernel