CVE-2019-0304 — Injection in SE SAP Netweaver AS Abap Platform

CWE-74 — Injection CWE-94 — Code Injection CWE-271 — Privilege Dropping / Lowering Errors5 documents5 sources

Severity

9.8CRITICALNVD

EPSS

0.5%

top 33.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver AS Abap Platform SAP Advanced Business Application Programming Platform Kernel SAP Advanced Business Application Programming Platform Krnl32nuc +3 more

Timeline

PublishedJun 12

Latest updateMay 24

Description

FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

▶NVDsap/advanced_business_application_programming_platform_kernel5 versions+4

▶NVDsap/advanced_business_application_programming_platform_krnl32uc4 versions+3

▶NVDsap/advanced_business_application_programming_platform_krnl64uc6 versions+5

▶NVDsap/advanced_business_application_programming_platform_krnl32nuc4 versions+3

▶NVDsap/advanced_business_application_programming_platform_krnl64nuc5 versions+4

🔴Vulnerability Details

GHSA

GHSA-cr28-fpxh-wjpp: FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7↗2022-05-24

▶

CVEList

CVE-2019-0304: FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7↗2019-06-12

▶

📋Vendor Advisories

Red Hat

docker: Security regression of CVE-2019-5736 due to inclusion of vulnerable runc↗2020-06-23

▶

💬Community

Bugzilla

CVE-2020-14298 docker: Security regression of CVE-2019-5736 due to inclusion of vulnerable runc↗2020-06-18

▶