CVE-2019-0293
Severity Score
6.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740).
La lectura del destino de RFC no siempre realiza la comprobación de autorización, dando como resultado una escalada de privilegios para acceder a la información en los destinos en RFC en sistemas administrados y en sistemas SAP Solution Manager ( ST-PI, versiones anteriores 2008_1_700, 2008_1_710, and 740).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-11-26 CVE Reserved
- 2019-05-14 CVE Published
- 2024-05-07 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/108324 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032 | 2020-08-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Sap Solution Manager System Search vendor "Sap" for product "Sap Solution Manager System" | 2008_1_700 Search vendor "Sap" for product "Sap Solution Manager System" and version "2008_1_700" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Sap Solution Manager System Search vendor "Sap" for product "Sap Solution Manager System" | 2008_1_710 Search vendor "Sap" for product "Sap Solution Manager System" and version "2008_1_710" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Sap Solution Manager System Search vendor "Sap" for product "Sap Solution Manager System" | 2008_1_740 Search vendor "Sap" for product "Sap Solution Manager System" and version "2008_1_740" | - |
Affected
| ||||||