CVE-2019-0315

3 documents3 sources

Severity

7.5HIGH

EPSS

0.3%

top 48.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Process Integration(sap Xiesr)SAP SE SAP Netweaver Process Integration(sap Xipck)SAP SE SAP Netweaver Process Integration(sap Xitool)+1 more

Timeline

PublishedJun 12

Latest updateMay 24

Description

Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAP_XIPCK 7.10 to 7.11, 7.20, 7.30) allows an attacker to access passwords used in FTP channels leading to information disclosure.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5sap_se/sap_netweaver_process_integration(sap_xiesr)< 7.10 to 7.11+5

▶CVEListV5sap_se/sap_netweaver_process_integration(sap_xipck)< 7.10 to 7.11+2

▶CVEListV5sap_se/sap_netweaver_process_integration(sap_xitool)< 7.10 to 7.11+4

▶NVDsap/netweaver_process_integration7 versions+6

🔴Vulnerability Details

GHSA

GHSA-qqpm-9g4m-wxwv: Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7↗2022-05-24

▶

CVEList

CVE-2019-0315: Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7↗2019-06-12

▶