PT-2019-4464 · SAP · SAP NetWeaver Application Server Java
Published: 2019-11-12 · Updated: 2020-08-24 · CVE-2019-0389
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver Application Server Java versions prior to 7.1
SAP NetWeaver Application Server Java versions prior to 7.2
SAP NetWeaver Application Server Java versions prior to 7.3
SAP NetWeaver Application Server Java versions prior to 7.31
SAP NetWeaver Application Server Java versions prior to 7.4
SAP NetWeaver Application Server Java versions prior to 7.5
Description
The issue is related to insecure privilege management in the SAP NetWeaver Application Server Java. Exploitation of this issue could allow a remote attacker to elevate their privileges. An administrator of the SAP NetWeaver Application Server Java may change privileges for all or some functions in the Java Server, enabling users to execute functions they are not otherwise allowed to execute.
Recommendations
For versions prior to 7.1, update to version 7.1 or later.
For versions prior to 7.2, update to version 7.2 or later.
For versions prior to 7.3, update to version 7.3 or later.
For versions prior to 7.31, update to version 7.31 or later.
For versions prior to 7.4, update to version 7.4 or later.
For versions prior to 7.5, update to version 7.5 or later.
Fix
Improper Privilege Management
Weakness Enumeration
Related Identifiers
Affected Products
SAP NetWeaver Application Server Java