CVE-2019-0304
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application.
La función FTP de SAP NetWeaver AS ABAP Platform, versiones- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22EXT, 7.49, KRNL6464 7.21 EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, permite a un atacante inyectar un código o un comando específicamente manipulado que puede ser ejecutado por la aplicación. Por lo tanto, un atacante podría de este modo controlar el comportamiento de la aplicación.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-11-26 CVE Reserved
- 2019-06-12 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242 | 2021-07-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Advanced Business Application Programming Platform Kernel Search vendor "Sap" for product "Advanced Business Application Programming Platform Kernel" | 7.21 Search vendor "Sap" for product "Advanced Business Application Programming Platform Kernel" and version "7.21" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Advanced Business Application Programming Platform Kernel Search vendor "Sap" for product "Advanced Business Application Programming Platform Kernel" | 7.45 Search vendor "Sap" for product "Advanced Business Application Programming Platform Kernel" and version "7.45" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Advanced Business Application Programming Platform Kernel Search vendor "Sap" for product "Advanced Business Application Programming Platform Kernel" | 7.49 Search vendor "Sap" for product "Advanced Business Application Programming Platform Kernel" and version "7.49" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Advanced Business Application Programming Platform Kernel Search vendor "Sap" for product "Advanced Business Application Programming Platform Kernel" | 7.53 Search vendor "Sap" for product "Advanced Business Application Programming Platform Kernel" and version "7.53" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Advanced Business Application Programming Platform Kernel Search vendor "Sap" for product "Advanced Business Application Programming Platform Kernel" | 7.73 Search vendor "Sap" for product "Advanced Business Application Programming Platform Kernel" and version "7.73" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Advanced Business Application Programming Platform Krnl32nuc Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl32nuc" | 7.21 Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl32nuc" and version "7.21" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Advanced Business Application Programming Platform Krnl32nuc Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl32nuc" | 7.21ext Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl32nuc" and version "7.21ext" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Advanced Business Application Programming Platform Krnl32nuc Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl32nuc" | 7.22 Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl32nuc" and version "7.22" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Advanced Business Application Programming Platform Krnl32nuc Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl32nuc" | 7.22ext Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl32nuc" and version "7.22ext" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Advanced Business Application Programming Platform Krnl32uc Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl32uc" | 7.21 Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl32uc" and version "7.21" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Advanced Business Application Programming Platform Krnl32uc Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl32uc" | 7.21ext Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl32uc" and version "7.21ext" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Advanced Business Application Programming Platform Krnl32uc Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl32uc" | 7.22 Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl32uc" and version "7.22" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Advanced Business Application Programming Platform Krnl32uc Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl32uc" | 7.22ext Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl32uc" and version "7.22ext" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Advanced Business Application Programming Platform Krnl64nuc Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl64nuc" | 7.21 Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl64nuc" and version "7.21" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Advanced Business Application Programming Platform Krnl64nuc Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl64nuc" | 7.21ext Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl64nuc" and version "7.21ext" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Advanced Business Application Programming Platform Krnl64nuc Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl64nuc" | 7.22 Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl64nuc" and version "7.22" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Advanced Business Application Programming Platform Krnl64nuc Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl64nuc" | 7.22ext Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl64nuc" and version "7.22ext" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Advanced Business Application Programming Platform Krnl64nuc Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl64nuc" | 7.49 Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl64nuc" and version "7.49" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Advanced Business Application Programming Platform Krnl64uc Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl64uc" | 7.21 Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl64uc" and version "7.21" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Advanced Business Application Programming Platform Krnl64uc Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl64uc" | 7.21ext Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl64uc" and version "7.21ext" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Advanced Business Application Programming Platform Krnl64uc Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl64uc" | 7.22 Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl64uc" and version "7.22" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Advanced Business Application Programming Platform Krnl64uc Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl64uc" | 7.22ext Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl64uc" and version "7.22ext" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Advanced Business Application Programming Platform Krnl64uc Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl64uc" | 7.49 Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl64uc" and version "7.49" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Advanced Business Application Programming Platform Krnl64uc Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl64uc" | 7.73 Search vendor "Sap" for product "Advanced Business Application Programming Platform Krnl64uc" and version "7.73" | - |
Affected
| ||||||