CVE-2019-0338

2019-08-1413:49:43

sap

www.cve.org

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

38.7%

JSON

During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure.

CNA Affected

[
  {
    "product": "SAP Gateway",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 750"
      },
      {
        "status": "affected",
        "version": "< 751"
      },
      {
        "status": "affected",
        "version": "< 752"
      },
      {
        "status": "affected",
        "version": "< 753"
      }
    ]
  }
]