PT-2019-4339 · Sap · Sap Hana Extended Application Services

Published

2019-09-10

Updated

2020-08-24

CVE-2019-0364

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions SAP HANA Extended Application Services versions prior to 1.0.118

Description The issue is related to insufficient input validation in the SAP HANA Extended Application Services development tool. This can be exploited by a remote attacker to gain unauthorized access to the list of open ports. Attackers may misuse an HTTP/REST endpoint to enumerate open ports.

Recommendations For versions prior to 1.0.118, update to version 1.0.118 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP/REST endpoint to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2020-00056

CVE-2019-0364

Affected Products

Sap Hana Extended Application Services

PT-2019-4339 · Sap · Sap Hana Extended Application Services

CVE-2019-0364

Weakness Enumeration

Related Identifiers

Affected Products

References · 5