CVE-2019-0391

4 documents4 sources

Severity

4.3MEDIUM

EPSS

0.3%

top 49.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver AS Java SAP Netweaver Application Server Java

Timeline

PublishedNov 13

Latest updateMay 24

Description

Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_as_java< 7.10+5

▶NVDsap/netweaver_application6 versions+5

🔴Vulnerability Details

GHSA

GHSA-6j4m-pp4h-r44g: Under certain conditions SAP NetWeaver AS Java (corrected in 7↗2022-05-24

▶

CVEList

CVE-2019-0391: Under certain conditions SAP NetWeaver AS Java (corrected in 7↗2019-11-13

▶

📋Vendor Advisories

Red Hat

struts: User input is evaluated as an OGNL expression when there's a conversion error↗2011-08-05

▶