PT-2019-4567 · SAP · SAP NetWeaver AS for ABAP/ABAP Platform
Published: 2019-02-15 · Updated: 2022-10-05 · CVE-2019-0257
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver AS ABAP Platform versions prior to 7.02
SAP NetWeaver AS ABAP Platform versions prior to 7.11
SAP NetWeaver AS ABAP Platform versions 7.30
SAP NetWeaver AS ABAP Platform versions 7.31
SAP NetWeaver AS ABAP Platform versions 7.40
SAP NetWeaver AS ABAP Platform versions prior to 7.53
SAP NetWeaver AS ABAP Platform versions prior to 7.75
Description
The customization functionality of the platform does not perform the necessary authorization checks for an authenticated user. A remote attacker can exploit this to escalate their privileges.
Recommendations
For versions 7.30, 7.31, and 7.40, update to a version with the necessary security fixes.
For versions prior to 7.02, update to version 7.02 or later.
For versions prior to 7.11, update to version 7.11 or later.
For versions prior to 7.53, update to version 7.53 or later.
For versions prior to 7.75, update to version 7.75 or later.
Fix
Improper Authorization
Missing Authorization
Affected Products
SAP NetWeaver AS for ABAP/ABAP Platform