EUVD-2019-1118

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Remote attacker exploits SAP NetWeaver vulnerability to leak authentication credentials via XML file

Reporter	Title	Published	Views	Family All 6
CVE	CVE-2019-0345	14 Aug 201913:54	–	cve
Cvelist	CVE-2019-0345	14 Aug 201913:54	–	cvelist
NVD	CVE-2019-0345	14 Aug 201914:15	–	nvd
OSV	CVE-2019-0345	14 Aug 201914:15	–	osv
Prion	Server side request forgery (ssrf)	14 Aug 201914:15	–	prion
RedhatCVE	CVE-2019-0345	22 May 202504:09	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "a579d1ac-2980-3705-ac8b-6d38c2646c81",
        "vendor": {
          "name": "SAP SE"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "56c5b1a9-22d2-315e-8784-c0b7d0b17ab2",
        "product": {
          "name": "SAP NetWeaver Application Server for Java (Administrator System Overview)"
        },
        "product_version": "< 7.30"
      },
      {
        "id": "eddc5e9c-994d-317a-bce8-450d01bdce6f",
        "product": {
          "name": "SAP NetWeaver Application Server for Java (Administrator System Overview)"
        },
        "product_version": "< 7.31"
      },
      {
        "id": "ee3cb906-e031-3669-8715-e9139c287a57",
        "product": {
          "name": "SAP NetWeaver Application Server for Java (Administrator System Overview)"
        },
        "product_version": "< 7.50"
      },
      {
        "id": "f0978141-a917-3463-9a86-1f70ff527bef",
        "product": {
          "name": "SAP NetWeaver Application Server for Java (Administrator System Overview)"
        },
        "product_version": "< 7.40"
      }
    ]
  }
]

Source	Link
wiki	www.wiki.scn.sap.com/wiki/pages/viewpage.action
launchpad	www.launchpad.support.sap.com/
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

9.5High risk

Vulners AI Score9.5

CVSS 39.8

CVSS 25

EPSS0.01025