5.3
CVE-2019-0379
- EPSS 0.22%
- Veröffentlicht 08.10.2019 20:15:11
- Zuletzt bearbeitet 21.11.2024 04:16:46
- Quelle cna@sap.com
- Teams Watchlist Login
- Unerledigt Login
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle (BC), leading to Missing Authentication Check
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Process Integration Version1.0
SAP ≫ Process Integration Version2.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.413 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.