CVE-2019-0389

3 documents3 sources

Severity

8.8HIGH

EPSS

0.4%

top 37.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server Java (j2ee-framework)SAP Netweaver Application Server Java

Timeline

PublishedNov 13

Latest updateMay 24

Description

An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_application_server_java_(j2ee-framework)< 7.1+5

▶NVDsap/netweaver_application6 versions+5

🔴Vulnerability Details

GHSA

GHSA-77cc-2mff-5mxf: An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7↗2022-05-24

▶

CVEList

CVE-2019-0389: An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7↗2019-11-13

▶