CVE-2019-0312

CWE-306 — Missing Authentication3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 60.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Process Integration(sap Xiesr)SAP SE SAP Netweaver Process Integration(sap Xitool)SAP Netweaver Process Integration

Timeline

PublishedJun 12

Latest updateMay 24

Description

Several web pages provided SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50) are not password protected. An attacker could access landscape information like host names, ports or other technical data in the absence of restrictive firewall and port settings.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5sap_se/sap_netweaver_process_integration(sap_xiesr)< 7.10 to 7.11+5

▶CVEListV5sap_se/sap_netweaver_process_integration(sap_xitool)< 7.10 to 7.11+4

▶NVDsap/netweaver_process_integration7 versions+6

🔴Vulnerability Details

GHSA

GHSA-6rqj-rwr9-wwm7: Several web pages provided SAP NetWeaver Process Integration (versions: SAP_XIESR: 7↗2022-05-24

▶

CVEList

CVE-2019-0312: Several web pages provided SAP NetWeaver Process Integration (versions: SAP_XIESR: 7↗2019-06-12

▶