PT-2019-11222 · Sap · Sap Solution Manager
Published
2019-05-14
·
Updated
2020-08-24
·
CVE-2019-0293
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
SAP Solution Manager system (ST-PI) versions prior to 2008 1 700
SAP Solution Manager system (ST-PI) versions prior to 2008 1 710
SAP Solution Manager system (ST-PI) version prior to 740
Description:
The issue is related to the read of RFC destination, which does not always perform necessary authorization checks. This results in escalation of privileges to access information on RFC destinations on managed systems and the SAP Solution Manager system.
Recommendations:
For SAP Solution Manager system (ST-PI) versions prior to 2008 1 700, update to version 2008 1 700 or later.
For SAP Solution Manager system (ST-PI) versions prior to 2008 1 710, update to version 2008 1 710 or later.
For SAP Solution Manager system (ST-PI) version prior to 740, update to version 740 or later.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sap Solution Manager