CVE-2019-0381

CWE-552Files Accessible to External Parties3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 81.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
SAP SE SAP Dynamic TieringSAP SE SAP IQSAP SE SAP SQL Anywhere+3 more
Timeline
PublishedOct 8
Latest updateMay 24

Description

A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

CVEListV5sap_se/sap_dynamic_tiering< 1.0+1
NVDsap/dynamic_tier1.0, 2.0+1
CVEListV5sap_se/sap_sql_anywhere< 17.0
CVEListV5sap_se/sap_iq< 16.1

🔴Vulnerability Details

2
GHSA
GHSA-g6vv-79qp-w952: A binary planting in SAP SQL Anywhere, before version 172022-05-24
CVEList
CVE-2019-0381: A binary planting in SAP SQL Anywhere, before version 172019-10-08
CVE-2019-0381 (MEDIUM CVSS 5.5) | A binary planting in SAP SQL Anywhe | cvebase.io