CVE-2019-0389
published 2019-11-13CVE-2019-0389: An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap_se | sap_netweaver_application_server_java | < 7.1 | 7.1 |
| sap_se | sap_netweaver_application_server_java | < 7.2 | 7.2 |
| sap_se | sap_netweaver_application_server_java | < 7.3 | 7.3 |
| sap_se | sap_netweaver_application_server_java | < 7.31 | 7.31 |
| sap_se | sap_netweaver_application_server_java | < 7.4 | 7.4 |
| sap_se | sap_netweaver_application_server_java | < 7.5 | 7.5 |