CVE-2019-0257

2019-02-1518:00:00

sap

www.cve.org

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

65.1%

JSON

Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

CNA Affected

[
  {
    "product": "ABAP Platform(SAP Basis)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< from 7.0 to 7.02"
      },
      {
        "status": "affected",
        "version": "< from 7.10 to 7.11"
      },
      {
        "status": "affected",
        "version": "< 7.30"
      },
      {
        "status": "affected",
        "version": "< 7.31"
      },
      {
        "status": "affected",
        "version": "< 7.40"
      },
      {
        "status": "affected",
        "version": "< from 7.50 to 7.53"
      },
      {
        "status": "affected",
        "version": "< from 7.74 to 7.75"
      }
    ]
  }
]