CVE-2019-0338Sensitive Information Exposure in SE SAP Gateway

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 56.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP GatewaySAP Gateway
Timeline
PublishedAug 14
Latest updateMay 24

Description

During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5sap_se/sap_gateway< 750+3
NVDsap/gateway4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-rww3-gp24-435c: During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set,2022-05-24
CVEList
CVE-2019-0338: During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set,2019-08-14
CVE-2019-0338 — Sensitive Information Exposure | cvebase