CVE-2019-0306

3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 58.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Hana Extended Application Services (advanced Model)SAP Hana Extended Application Services

Timeline

PublishedJun 12

Latest updateMay 24

Description

SAP HANA Extended Application Services (advanced model), version 1, allows authenticated low privileged XS Advanced Platform users such as SpaceAuditors to execute requests to obtain a complete list of SAP HANA user IDs and names.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sap_se/sap_hana_extended_application_services_(advanced_model)< 1.0

▶NVDsap/hana_extended_application_services1.0

🔴Vulnerability Details

GHSA

GHSA-wqjg-qgh6-3682: SAP HANA Extended Application Services (advanced model), version 1, allows authenticated low privileged XS Advanced Platform users such as SpaceAudito↗2022-05-24

▶

CVEList

CVE-2019-0306: SAP HANA Extended Application Services (advanced model), version 1, allows authenticated low privileged XS Advanced Platform users such as SpaceAudito↗2019-06-12

▶