CVE-2019-0278 — Sensitive Information Exposure in SE SAP Netweaver Process Integration

3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 58.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Process Integration SAP Netweaver Process Integration

Timeline

PublishedApr 10

Latest updateMay 13

Description

Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_process_integration< 7.10 to 7.11+5

▶NVDsap/netweaver_process_integration7 versions+6

🔴Vulnerability Details

GHSA

GHSA-vx4w-72v6-jcj9: Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7↗2022-05-13

▶

CVEList

CVE-2019-0278: Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7↗2019-04-10

▶