CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-0261
https://notcve.org/view.php?id=CVE-2019-0261
Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack)). En determinadas circunstancias, SAP HANA Extended Application Services, en el modelo avanzado (XS advanced) no realiza las comprobaciones de autenticación correctamente para la plataforma XS advanced y los usuarios de negocio. Se ha solucionado en las versiones desde la 1.0.97 hasta la 1.0.99 (ejecutándose en SAP HANA 1 o SAP HANA 2 SPS0; la segunda "s" significa "stack" [pila]). • http://www.securityfocus.com/bid/106986 https://launchpad.support.sap.com/#/notes/2742027 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-0249
https://notcve.org/view.php?id=CVE-2019-0249
Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted. En ciertas condiciones, SAP Landscape Management (VCM 3.0) permite que un atacante acceda a información que normalmente estaría restringida. • http://www.securityfocus.com/bid/106464 https://launchpad.support.sap.com/#/notes/2727624 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985 •