CVE-2019-0349 — Missing Authorization in SE SAP Kernel

CWE-862 — Missing Authorization4 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.4%

top 42.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Kernel SAP Advanced Business Application Programming Platform Kernel

Timeline

PublishedAug 14

Latest updateMay 24

Description

SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77, allows a user to execute “Go to statement” without possessing the authorization S_DEVELOP DEBUG 02, resulting in Missing Authorization Check

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5sap_se/sap_kernel< 7.21+9

▶NVDsap/advanced_business_application_programming_platform_kernel10 versions+9

🔴Vulnerability Details

GHSA

GHSA-6x67-5cp9-c6cq: SAP Kernel (ABAP Debugger), versions KRNL32NUC 7↗2022-05-24

▶

CVEList

CVE-2019-0349: SAP Kernel (ABAP Debugger), versions KRNL32NUC 7↗2019-08-14

▶

💬Community

Bugzilla

CVE-2019-0657 dotnet: Domain-spoofing attack in System.Uri↗2019-02-08

▶