CVE-2019-0261

CWE-306Missing Authentication3 documents3 sources
Severity
9.8CRITICAL
EPSS
3.2%
top 13.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Hana Extended Application ServicesSAP Landscape Management
Timeline
PublishedFeb 15
Latest updateMay 13

Description

Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack)).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5sap_se/sap_hana_extended_application_services< 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack)

🔴Vulnerability Details

2
GHSA
GHSA-wvqm-vf4g-854v: Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for2022-05-13
CVEList
CVE-2019-0261: Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for2019-02-15
CVE-2019-0261 (CRITICAL CVSS 9.8) | Under certain circumstances | cvebase.io