Lucene search

K
cveSapCVE-2019-0304
HistoryJun 12, 2019 - 3:29 p.m.

CVE-2019-0304

2019-06-1215:29:00
CWE-74
sap
web.nvd.nist.gov
59
cve-2019-0304
sap
netweaver
abap platform
ftp
krnl32nuc
krnl32uc
krnl64nuc
krnl64uc
kernel
security vulnerability
code injection
command manipulation

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

64.7%

FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application.

Affected configurations

Nvd
Node
sapadvanced_business_application_programming_platform_kernelMatch7.21
OR
sapadvanced_business_application_programming_platform_kernelMatch7.45
OR
sapadvanced_business_application_programming_platform_kernelMatch7.49
OR
sapadvanced_business_application_programming_platform_kernelMatch7.53
OR
sapadvanced_business_application_programming_platform_kernelMatch7.73
OR
sapadvanced_business_application_programming_platform_krnl32nucMatch7.21
OR
sapadvanced_business_application_programming_platform_krnl32nucMatch7.21ext
OR
sapadvanced_business_application_programming_platform_krnl32nucMatch7.22
OR
sapadvanced_business_application_programming_platform_krnl32nucMatch7.22ext
OR
sapadvanced_business_application_programming_platform_krnl32ucMatch7.21
OR
sapadvanced_business_application_programming_platform_krnl32ucMatch7.21ext
OR
sapadvanced_business_application_programming_platform_krnl32ucMatch7.22
OR
sapadvanced_business_application_programming_platform_krnl32ucMatch7.22ext
OR
sapadvanced_business_application_programming_platform_krnl64nucMatch7.21
OR
sapadvanced_business_application_programming_platform_krnl64nucMatch7.21ext
OR
sapadvanced_business_application_programming_platform_krnl64nucMatch7.22
OR
sapadvanced_business_application_programming_platform_krnl64nucMatch7.22ext
OR
sapadvanced_business_application_programming_platform_krnl64nucMatch7.49
OR
sapadvanced_business_application_programming_platform_krnl64ucMatch7.21
OR
sapadvanced_business_application_programming_platform_krnl64ucMatch7.21ext
OR
sapadvanced_business_application_programming_platform_krnl64ucMatch7.22
OR
sapadvanced_business_application_programming_platform_krnl64ucMatch7.22ext
OR
sapadvanced_business_application_programming_platform_krnl64ucMatch7.49
OR
sapadvanced_business_application_programming_platform_krnl64ucMatch7.73
VendorProductVersionCPE
sapadvanced_business_application_programming_platform_kernel7.21cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.21:*:*:*:*:*:*:*
sapadvanced_business_application_programming_platform_kernel7.45cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.45:*:*:*:*:*:*:*
sapadvanced_business_application_programming_platform_kernel7.49cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.49:*:*:*:*:*:*:*
sapadvanced_business_application_programming_platform_kernel7.53cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.53:*:*:*:*:*:*:*
sapadvanced_business_application_programming_platform_kernel7.73cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.73:*:*:*:*:*:*:*
sapadvanced_business_application_programming_platform_krnl32nuc7.21cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.21:*:*:*:*:*:*:*
sapadvanced_business_application_programming_platform_krnl32nuc7.21extcpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.21ext:*:*:*:*:*:*:*
sapadvanced_business_application_programming_platform_krnl32nuc7.22cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.22:*:*:*:*:*:*:*
sapadvanced_business_application_programming_platform_krnl32nuc7.22extcpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.22ext:*:*:*:*:*:*:*
sapadvanced_business_application_programming_platform_krnl32uc7.21cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.21:*:*:*:*:*:*:*
Rows per page:
1-10 of 241

CNA Affected

[
  {
    "product": "SAP NetWeaver AS ABAP Platform(KRNL32NUC)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 7.21"
      },
      {
        "status": "affected",
        "version": "< 7.21EXT"
      },
      {
        "status": "affected",
        "version": "< 7.22"
      },
      {
        "status": "affected",
        "version": "< 7.22EXT"
      }
    ]
  },
  {
    "product": "SAP NetWeaver AS ABAP Platform(KRNL32UC)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 7.21"
      },
      {
        "status": "affected",
        "version": "< 7.21EXT"
      },
      {
        "status": "affected",
        "version": "< 7.22"
      },
      {
        "status": "affected",
        "version": "< 7.22EXT"
      }
    ]
  },
  {
    "product": "SAP NetWeaver AS ABAP Platform(KRNL64NUC)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 7.21"
      },
      {
        "status": "affected",
        "version": "< 7.21EXT"
      },
      {
        "status": "affected",
        "version": "< 7.22"
      },
      {
        "status": "affected",
        "version": "< 7.22EXT"
      },
      {
        "status": "affected",
        "version": "< 7.49"
      }
    ]
  },
  {
    "product": "SAP NetWeaver AS ABAP Platform(KRNL64UC)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 7.21"
      },
      {
        "status": "affected",
        "version": "< 7.21EXT"
      },
      {
        "status": "affected",
        "version": "< 7.22"
      },
      {
        "status": "affected",
        "version": "< 7.22EXT"
      },
      {
        "status": "affected",
        "version": "< 7.49"
      },
      {
        "status": "affected",
        "version": "< 7.73"
      }
    ]
  },
  {
    "product": "SAP NetWeaver AS ABAP Platform(KERNEL)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 7.21"
      },
      {
        "status": "affected",
        "version": "< 7.45"
      },
      {
        "status": "affected",
        "version": "< 7.49"
      },
      {
        "status": "affected",
        "version": "< 7.53"
      },
      {
        "status": "affected",
        "version": "< 7.73"
      }
    ]
  }
]

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

64.7%

Related for CVE-2019-0304