Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for ABAP Platform(SAP Basis) by SAP SE

    CVE-2019-0257 (GCVE-0-2019-0257)

    Vulnerability from nvd – Published: 2019-02-15 18:00 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
    Severity
    No CVSS data available.
    CWE
    • Missing Authorization Check
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE ABAP Platform(SAP Basis) Affected: < from 7.0 to 7.02
    Affected: < from 7.10 to 7.11
    Affected: < 7.30
    Affected: < 7.31
    Affected: < 7.40
    Affected: < from 7.50 to 7.53
    Affected: < from 7.74 to 7.75
    Create a notification for this product.
    Date Public
    2019-02-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.190Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2728839"
              },
              {
                "name": "106999",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106999"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ABAP Platform(SAP Basis)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c from 7.0 to 7.02"
                },
                {
                  "status": "affected",
                  "version": "\u003c from 7.10 to 7.11"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.30"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.31"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.40"
                },
                {
                  "status": "affected",
                  "version": "\u003c from 7.50 to 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c from 7.74 to 7.75"
                }
              ]
            }
          ],
          "datePublic": "2019-02-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing Authorization Check",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-16T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2728839"
            },
            {
              "name": "106999",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106999"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0257",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ABAP Platform(SAP Basis)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "from 7.0 to 7.02"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "from 7.10 to 7.11"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.30"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.31"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.40"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "from 7.50 to 7.53"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "from 7.74 to 7.75"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing Authorization Check"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2728839",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2728839"
                },
                {
                  "name": "106999",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106999"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0257",
        "datePublished": "2019-02-15T18:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.190Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0257 (GCVE-0-2019-0257)

    Vulnerability from cvelistv5 – Published: 2019-02-15 18:00 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
    Severity
    No CVSS data available.
    CWE
    • Missing Authorization Check
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE ABAP Platform(SAP Basis) Affected: < from 7.0 to 7.02
    Affected: < from 7.10 to 7.11
    Affected: < 7.30
    Affected: < 7.31
    Affected: < 7.40
    Affected: < from 7.50 to 7.53
    Affected: < from 7.74 to 7.75
    Create a notification for this product.
    Date Public
    2019-02-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.190Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2728839"
              },
              {
                "name": "106999",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106999"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ABAP Platform(SAP Basis)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c from 7.0 to 7.02"
                },
                {
                  "status": "affected",
                  "version": "\u003c from 7.10 to 7.11"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.30"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.31"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.40"
                },
                {
                  "status": "affected",
                  "version": "\u003c from 7.50 to 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c from 7.74 to 7.75"
                }
              ]
            }
          ],
          "datePublic": "2019-02-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing Authorization Check",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-16T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2728839"
            },
            {
              "name": "106999",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106999"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0257",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ABAP Platform(SAP Basis)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "from 7.0 to 7.02"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "from 7.10 to 7.11"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.30"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.31"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.40"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "from 7.50 to 7.53"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "from 7.74 to 7.75"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing Authorization Check"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2728839",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2728839"
                },
                {
                  "name": "106999",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106999"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0257",
        "datePublished": "2019-02-15T18:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.190Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }