PT-2019-4338 · Sap · Sap Hana Extended Application Services

Published

2019-09-10

Updated

2020-08-24

CVE-2019-0363

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:C

Name of the Vulnerable Software and Affected Versions SAP HANA Extended Application Services versions prior to 1.0.118

Description The issue is related to insufficient input validation in the SAP HANA Extended Application Services development tool. This can be exploited by an attacker to gain unauthorized access to information about internal network ports or cause the server to overload.

Recommendations For versions prior to 1.0.118, update to version 1.0.118 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP/REST endpoint to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2020-00055

CVE-2019-0363

Affected Products

Sap Hana Extended Application Services

PT-2019-4338 · Sap · Sap Hana Extended Application Services

CVE-2019-0363

Weakness Enumeration

Related Identifiers

Affected Products

References · 5