CVE-2019-0267

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

8.8HIGH

EPSS

0.2%

top 59.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Manufacturing Integration AND Intelligence SAP Manufacturing Integration AND Intelligence

Timeline

PublishedFeb 15

Latest updateMay 14

Description

SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5sap_se/sap_manufacturing_integration_and_intelligence< 15.0+2

▶NVDsap/manufacturing_integration_and_intelligence15.0, 15.1, 15.2+2

🔴Vulnerability Details

GHSA

GHSA-x27f-w33x-pqqr: SAP Manufacturing Integration and Intelligence, versions 15↗2022-05-14

▶

CVEList

CVE-2019-0267: SAP Manufacturing Integration and Intelligence, versions 15↗2019-02-15

▶