PT-2019-4302 · Sap · Sap Iq+2
Published
2019-10-08
·
Updated
2019-10-15
·
CVE-2019-0381
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SAP SQL Anywhere versions prior to 17.0
SAP IQ versions prior to 16.1
SAP Dynamic Tiering versions prior to 1.0 and 2.0
Description
The issue is related to insufficient protection of registration data in SAP SQL Anywhere, SAP IQ, and SAP Dynamic Tiering, which can allow a remote attacker to gain unauthorized access to protected information. This can result in the inadvertent access of files located in directories outside of the paths specified by the user, due to a binary planting vulnerability.
Recommendations
For SAP SQL Anywhere versions prior to 17.0, update to version 17.0 or later to resolve the issue.
For SAP IQ versions prior to 16.1, update to version 16.1 or later to resolve the issue.
For SAP Dynamic Tiering versions prior to 1.0 and 2.0, update to version 1.0 or 2.0 or later to resolve the issue.
Fix
Insufficiently Protected Credentials
Files Accessible to External Parties
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sap Dynamic Tiering
Sap Iq
Sap Sql Anywhere