6.5
CVE-2019-0293
- EPSS 0.22%
- Veröffentlicht 14.05.2019 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:16:38
- Quelle cna@sap.com
- CVE-Watchlists
- Unerledigt
LoginRead of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Sap Solution Manager System Version2008_1_700
SAP ≫ Sap Solution Manager System Version2008_1_710
SAP ≫ Sap Solution Manager System Version2008_1_740
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.446 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.