CVE-2019-0351 — SE SAP Netweaver Uddi Server vulnerability

3 documents3 sources

Severity

8.8HIGHNVD

EPSS

2.2%

top 15.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Uddi Server SAP Netweaver

Timeline

PublishedAug 14

Latest updateMay 24

Description

A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the product to termina…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_uddi_server< 7.10+5

▶NVDsap/netweaver6 versions+5

🔴Vulnerability Details

GHSA

GHSA-8fvm-x69j-53wg: A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7↗2022-05-24

▶

CVEList

CVE-2019-0351: A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7↗2019-08-14

▶