PT-2019-4403 · Sap · Sap Ui 700+1

Published

2019-11-12

Updated

2019-11-20

CVE-2019-0388

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions SAP UI5 versions prior to 7.5 SAP UI5 versions 7.51 through 7.54 SAP UI 700 version 2.0

Description The issue is related to the HTTP handler of the SAP UI5 platform, which is vulnerable to authentication bypass via spoofing. This could allow a remote attacker to impact the integrity of protected information. The vulnerability is due to insufficient URL validation, allowing an attacker to manipulate content.

Recommendations For SAP UI5 versions prior to 7.5, update to version 7.5 or later. For SAP UI5 versions 7.51 through 7.54, update to a version outside of this range. For SAP UI 700 version 2.0, update to a version later than 2.0.

Fix

Authentication Bypass by Spoofing

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-290

Related Identifiers

BDU:2020-00125

CVE-2019-0388

Affected Products

Sap Ui5

Sap Ui 700

PT-2019-4403 · Sap · Sap Ui 700+1

CVE-2019-0388

Weakness Enumeration

Related Identifiers

Affected Products

References · 5