9.8
CVE-2019-0304
- EPSS 0.5%
- Published 12.06.2019 15:29:00
- Last modified 21.11.2024 04:16:39
- Source cna@sap.com
- Teams watchlist Login
- Open Login
FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Advanced Business Application Programming Platform Kernel Version7.21
SAP ≫ Advanced Business Application Programming Platform Kernel Version7.45
SAP ≫ Advanced Business Application Programming Platform Kernel Version7.49
SAP ≫ Advanced Business Application Programming Platform Kernel Version7.53
SAP ≫ Advanced Business Application Programming Platform Kernel Version7.73
SAP ≫ Advanced Business Application Programming Platform Krnl32nuc Version7.21ext
SAP ≫ Advanced Business Application Programming Platform Krnl32nuc Version7.22ext
SAP ≫ Advanced Business Application Programming Platform Krnl32uc Version7.21ext
SAP ≫ Advanced Business Application Programming Platform Krnl32uc Version7.22ext
SAP ≫ Advanced Business Application Programming Platform Krnl64nuc Version7.21ext
SAP ≫ Advanced Business Application Programming Platform Krnl64nuc Version7.22ext
SAP ≫ Advanced Business Application Programming Platform Krnl64uc Version7.21ext
SAP ≫ Advanced Business Application Programming Platform Krnl64uc Version7.22ext
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.5% | 0.651 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.