Lucene search

[email protected]CVE-2019-0403

HistoryDec 11, 2019 - 10:15 p.m.

CVE-2019-0403

2019-12-1122:15:11

CWE-1236

[email protected]

web.nvd.nist.gov

sap

enable now

version 1911

command injection

csv

nvd

cve-2019-0403

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.7%

JSON

SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.

Affected configurations

NVD

Node

sapenable_nowRange<1911

CPENameOperatorVersion
sap:enable_nowsap enable nowlt1911

CPE	Name	Operator	Version
sap:enable_now	sap enable now	lt	1911

CNA Affected

[
  {
    "product": "SAP Enable Now",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "before 1911"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/2845183

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.7%

JSON

Related for CVE-2019-0403

nvd1 prion1 cvelist1