CVE-2019-0282
Severity Score
5.3
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which can be misused by the attacker.
Varias páginas web en SAP NetWeaver Process Integration (Runtime Workbench), corregidas en las versiones 7.10 hasta 7.11, 7.30, 7.31, 7.40, 7.50; puede ser accedida sin la autenticación del usuario, lo que puede exponer datos internos como la información de la versión, el paquete Java y los nombres de los objetos Java que pueden ser utilizados maliciosamente por el atacante.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-11-26 CVE Reserved
- 2019-04-10 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114 | 2020-08-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Netweaver Process Integration Search vendor "Sap" for product "Netweaver Process Integration" | 7.10 Search vendor "Sap" for product "Netweaver Process Integration" and version "7.10" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Process Integration Search vendor "Sap" for product "Netweaver Process Integration" | 7.11 Search vendor "Sap" for product "Netweaver Process Integration" and version "7.11" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Process Integration Search vendor "Sap" for product "Netweaver Process Integration" | 7.30 Search vendor "Sap" for product "Netweaver Process Integration" and version "7.30" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Process Integration Search vendor "Sap" for product "Netweaver Process Integration" | 7.31 Search vendor "Sap" for product "Netweaver Process Integration" and version "7.31" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Process Integration Search vendor "Sap" for product "Netweaver Process Integration" | 7.40 Search vendor "Sap" for product "Netweaver Process Integration" and version "7.40" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Process Integration Search vendor "Sap" for product "Netweaver Process Integration" | 7.50 Search vendor "Sap" for product "Netweaver Process Integration" and version "7.50" | - |
Affected
| ||||||