CVE-2019-0403

CWE-12363 documents3 sources
Severity
9.8CRITICAL
EPSS
5.7%
top 9.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP Enable NOWSAP SE SAP Enable NOW
Timeline
PublishedDec 11
Latest updateMay 24

Description

SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDsap/enable_now< 1911
CVEListV5sap_se/sap_enable_nowbefore 1911

🔴Vulnerability Details

2
GHSA
GHSA-jpvg-r6vh-56w3: SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Comma2022-05-24
CVEList
CVE-2019-0403: SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Comma2019-12-11
CVE-2019-0403 (CRITICAL CVSS 9.8) | SAP Enable Now | cvebase.io