CVE-2019-0282

CWE-287 — Improper Authentication3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 64.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Process Integration (runtime Workbench)SAP Netweaver Process Integration

Timeline

PublishedApr 10

Latest updateMay 13

Description

Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which can be misused by the attacker.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_process_integration_(runtime_workbench)< from 7.10 to 7.11+4

▶NVDsap/netweaver_process_integration6 versions+5

🔴Vulnerability Details

GHSA

GHSA-cqqh-9q5p-rjfx: Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7↗2022-05-13

▶

CVEList

CVE-2019-0282: Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7↗2019-04-10

▶