Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for SAP NetWeaver Process Integration (Messaging System) by SAP SE
CVE-2019-0278 (GCVE-0-2019-0278)
Vulnerability from nvd – Published: 2019-04-10 20:13 – Updated: 2024-08-04 17:44
VLAI?
Summary
Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure.
Severity ?
No CVSS data available.
CWE
- Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP SE | SAP NetWeaver Process Integration (Messaging System) |
Affected:
< 7.10 to 7.11
Affected: < 7.20 Affected: < 7.30 Affected: < 7.31 Affected: < 7.40 Affected: < 7.50 |
Date Public ?
2019-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:16.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2741201"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver Process Integration (Messaging System)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.10 to 7.11"
},
{
"status": "affected",
"version": "\u003c 7.20"
},
{
"status": "affected",
"version": "\u003c 7.30"
},
{
"status": "affected",
"version": "\u003c 7.31"
},
{
"status": "affected",
"version": "\u003c 7.40"
},
{
"status": "affected",
"version": "\u003c 7.50"
}
]
}
],
"datePublic": "2019-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-10T20:32:08.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2741201"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2019-0278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver Process Integration (Messaging System)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.10 to 7.11"
},
{
"version_name": "\u003c",
"version_value": "7.20"
},
{
"version_name": "\u003c",
"version_value": "7.30"
},
{
"version_name": "\u003c",
"version_value": "7.31"
},
{
"version_name": "\u003c",
"version_value": "7.40"
},
{
"version_name": "\u003c",
"version_value": "7.50"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2741201",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2741201"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114",
"refsource": "CONFIRM",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2019-0278",
"datePublished": "2019-04-10T20:13:45.000Z",
"dateReserved": "2018-11-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:44:16.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0278 (GCVE-0-2019-0278)
Vulnerability from cvelistv5 – Published: 2019-04-10 20:13 – Updated: 2024-08-04 17:44
VLAI?
Summary
Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure.
Severity ?
No CVSS data available.
CWE
- Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP SE | SAP NetWeaver Process Integration (Messaging System) |
Affected:
< 7.10 to 7.11
Affected: < 7.20 Affected: < 7.30 Affected: < 7.31 Affected: < 7.40 Affected: < 7.50 |
Date Public ?
2019-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:16.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2741201"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver Process Integration (Messaging System)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.10 to 7.11"
},
{
"status": "affected",
"version": "\u003c 7.20"
},
{
"status": "affected",
"version": "\u003c 7.30"
},
{
"status": "affected",
"version": "\u003c 7.31"
},
{
"status": "affected",
"version": "\u003c 7.40"
},
{
"status": "affected",
"version": "\u003c 7.50"
}
]
}
],
"datePublic": "2019-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-10T20:32:08.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2741201"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2019-0278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver Process Integration (Messaging System)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.10 to 7.11"
},
{
"version_name": "\u003c",
"version_value": "7.20"
},
{
"version_name": "\u003c",
"version_value": "7.30"
},
{
"version_name": "\u003c",
"version_value": "7.31"
},
{
"version_name": "\u003c",
"version_value": "7.40"
},
{
"version_name": "\u003c",
"version_value": "7.50"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2741201",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2741201"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114",
"refsource": "CONFIRM",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2019-0278",
"datePublished": "2019-04-10T20:13:45.000Z",
"dateReserved": "2018-11-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:44:16.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}