PT-2019-4464 · SAP · SAP NetWeaver Application Server Java
Published: 2019-11-12 · Updated: 2020-08-24 · CVE-2019-0389
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver Application Server Java versions prior to 7.1
SAP NetWeaver Application Server Java versions prior to 7.2
SAP NetWeaver Application Server Java versions prior to 7.3
SAP NetWeaver Application Server Java versions prior to 7.31
SAP NetWeaver Application Server Java versions prior to 7.4
SAP NetWeaver Application Server Java versions prior to 7.5
Description
The issue is related to insecure privilege management in the SAP NetWeaver Application Server Java. Exploitation of this issue could allow a remote attacker to elevate their privileges. An administrator of the SAP NetWeaver Application Server Java may change privileges for all or some functions in the Java Server, enabling users to execute functions they are not otherwise allowed to execute.
Recommendations
For versions prior to 7.1, update to version 7.1 or later.
For versions prior to 7.2, update to version 7.2 or later.
For versions prior to 7.3, update to version 7.3 or later.
For versions prior to 7.31, update to version 7.31 or later.
For versions prior to 7.4, update to version 7.4 or later.
For versions prior to 7.5, update to version 7.5 or later.
Fix
Improper Privilege Management
Weakness Enumeration
Related Identifiers
Affected Products
SAP NetWeaver Application Server Java