4.9
CVE-2019-0265
- EPSS 1.24%
- Published 15.02.2019 18:29:01
- Last modified 21.11.2024 04:16:36
- Source cna@sap.com
- Teams watchlist Login
- Open Login
SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Advanced Business Application Programming Platform Kernel Version >= 7.21 <= 7.22
SAP ≫ Advanced Business Application Programming Platform Kernel Version7.45
SAP ≫ Advanced Business Application Programming Platform Kernel Version7.49
SAP ≫ Advanced Business Application Programming Platform Kernel Version7.53
SAP ≫ Advanced Business Application Programming Platform Kernel Version7.73
SAP ≫ Advanced Business Application Programming Platform Kernel Version7.75.
SAP ≫ Advanced Business Application Programming Platform Krnl32nuc Version7.21ext
SAP ≫ Advanced Business Application Programming Platform Krnl32nuc Version7.22ext
SAP ≫ Advanced Business Application Programming Platform Krnl32uc Version7.21ext
SAP ≫ Advanced Business Application Programming Platform Krnl32uc Version7.22ext
SAP ≫ Advanced Business Application Programming Platform Krnl64nuc Version7.21ext
SAP ≫ Advanced Business Application Programming Platform Krnl64nuc Version7.22ext
SAP ≫ Advanced Business Application Programming Platform Krnl64uc Version7.21ext
SAP ≫ Advanced Business Application Programming Platform Krnl64uc Version7.22ext
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.24% | 0.784 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 1.2 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:N/A:P
|
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.