PT-2019-2032 · Sap · Sap Netweaver+1
Published
2019-02-12
·
Updated
2020-08-24
·
CVE-2019-0270
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver and ABAP Platform versions prior to KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT
SAP NetWeaver and ABAP Platform versions prior to KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT
SAP NetWeaver and ABAP Platform versions prior to KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74
SAP NetWeaver and ABAP Platform versions prior to KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04
SAP NetWeaver and ABAP Platform versions prior to KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04
Description
The ABAP Server of SAP NetWeaver and ABAP Platform fails to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue is related to insufficient access control.
Recommendations
Update to KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT or later.
Update to KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT or later.
Update to KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74 or later.
Update to KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04 or later.
Update to KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04 or later.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Abap Platform
Sap Netweaver