CVE-2019-0270
https://notcve.org/view.php?id=CVE-2019-0270
ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04. El servidor ABAP de SAP NetWeaver y ABAP Platform no realiza correctamente las comprobaciones de autorización necesarias para un usuario autenticado, lo que resulta en un escalado de privilegios. Esto se ha solucionado en las siguientes versiones: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75 y 8.04. • http://www.securityfocus.com/bid/107377 https://launchpad.support.sap.com/#/notes/2727689 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080 • CWE-862: Missing Authorization •
CVE-2019-0255
https://notcve.org/view.php?id=CVE-2019-0255
SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'Easy Access Menu'. The situation can be misused by any user to leverage privileges to business functionality. SAP NetWeaver AS ABAP Platform, en Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fracasa a la hora de validar el tipo de instalación para un sistema ABAP Server correctamente. Este comportamiento podría conducir a una situación por la cual el usuario de negocio logra acceder al menú completo de SAP. • http://www.securityfocus.com/bid/106987 https://launchpad.support.sap.com/#/notes/2723570 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943 • CWE-20: Improper Input Validation •