PT-2019-4391 · SAP · SAP GUI for Java +2
Published 2019-09-10 · Updated 2020-08-24 · CVE-2019-0365
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
SAP Kernel (RFC), KRNL32NUC, KRNL32UC, and KRNL64NUC versions prior to 7.21, 7.21EXT, 7.22, 7.22EXT
SAP Kernel (RFC), KRNL64UC versions prior to 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73
KERNEL versions prior to 7.21, 7.49, 7.53, 7.73, 7.76
SAP GUI for Windows (BC-FES-GUI) versions prior to 7.5, 7.6
SAP GUI for Java (BC-FES-JAV) versions prior to 7.5
Description
The issue allows an attacker to prevent legitimate users from accessing a service by either crashing or flooding the service. This is due to insufficient input validation in the SAP Kernel. Exploitation of the issue can allow a remote attacker to cause a denial of service.
Recommendations
For SAP Kernel (RFC), KRNL32NUC, KRNL32UC, and KRNL64NUC versions prior to 7.21, 7.21EXT, 7.22, 7.22EXT, update to version 7.21 or later.
For SAP Kernel (RFC), KRNL64UC versions prior to 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, update to version 7.73 or later.
For KERNEL versions prior to 7.21, 7.49, 7.53, 7.73, 7.76, update to version 7.76 or later.
For SAP GUI for Windows (BC-FES-GUI) versions prior to 7.5, 7.6, update to version 7.6 or later.
For SAP GUI for Java (BC-FES-JAV) versions prior to 7.5, update to version 7.5 or later.
Fix
Resource Exhaustion
Affected Products
SAP GUI for Java
SAP GUI for Windows
SAP Kernel