PT-2019-5598 · Sap · Sap Netweaver Process Integration Runtime Workbench

Published

2019-09-10

Updated

2020-09-10

CVE-2019-0356

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAP XIAF versions prior to 7.31, 7.40, 7.50

Description The issue is related to a lack of protection for internal data in the MESSAGING and SAP XIAF components of SAP NetWeaver Process Integration. Under certain conditions, this allows an attacker to access restricted information. The exploitation of this issue can enable a remote attacker to disclose protected information.

Recommendations For versions prior to 7.31, update to version 7.31 or later. For versions prior to 7.40, update to version 7.40 or later. For versions prior to 7.50, update to version 7.50 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2020-04625

CVE-2019-0356

Affected Products

Sap Netweaver Process Integration Runtime Workbench

PT-2019-5598 · Sap · Sap Netweaver Process Integration Runtime Workbench

CVE-2019-0356

Weakness Enumeration

Related Identifiers

Affected Products

References · 5