Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for advanced_business_application_programming_platform_krnl64nuc by sap

    CVE-2019-0304 (GCVE-0-2019-0304)

    Vulnerability from nvd – Published: 2019-06-12 14:21 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application.
    Severity
    No CVSS data available.
    CWE
    • Code Injection
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver AS ABAP Platform(KRNL32NUC) Affected: < 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Create a notification for this product.
    SAP SE SAP NetWeaver AS ABAP Platform(KRNL32UC) Affected: < 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Create a notification for this product.
    SAP SE SAP NetWeaver AS ABAP Platform(KRNL64NUC) Affected: < 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Affected: < 7.49
    Create a notification for this product.
    SAP SE SAP NetWeaver AS ABAP Platform(KRNL64UC) Affected: < 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Affected: < 7.49
    Affected: < 7.73
    Create a notification for this product.
    SAP SE SAP NetWeaver AS ABAP Platform(KERNEL) Affected: < 7.21
    Affected: < 7.45
    Affected: < 7.49
    Affected: < 7.53
    Affected: < 7.73
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.439Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2719530"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver AS ABAP Platform(KRNL32NUC)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                }
              ]
            },
            {
              "product": "SAP NetWeaver AS ABAP Platform(KRNL32UC)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                }
              ]
            },
            {
              "product": "SAP NetWeaver AS ABAP Platform(KRNL64NUC)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                }
              ]
            },
            {
              "product": "SAP NetWeaver AS ABAP Platform(KRNL64UC)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                }
              ]
            },
            {
              "product": "SAP NetWeaver AS ABAP Platform(KERNEL)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.45"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-12T16:11:08.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2719530"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0304",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver AS ABAP Platform(KRNL32NUC)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP NetWeaver AS ABAP Platform(KRNL32UC)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP NetWeaver AS ABAP Platform(KRNL64NUC)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.49"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP NetWeaver AS ABAP Platform(KRNL64UC)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.49"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.73"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP NetWeaver AS ABAP Platform(KERNEL)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.45"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.49"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.53"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.73"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Code Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2719530",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2719530"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0304",
        "datePublished": "2019-06-12T14:21:39.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.439Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0270 (GCVE-0-2019-0270)

    Vulnerability from nvd – Published: 2019-03-12 22:00 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04.
    Severity
    No CVSS data available.
    CWE
    • Missing Authorization Check
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE ABAP Platform & Server (KRNL32NUC) Affected: < 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Create a notification for this product.
    SAP SE ABAP Platform & Server (KRNL32UC) Affected: < 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Create a notification for this product.
    SAP SE ABAP Platform & Server (KRNL64NUC) Affected: < 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Affected: < 7.49
    Affected: < 7.74
    Create a notification for this product.
    SAP SE ABAP Platform & Server (KRNL64UC) Affected: < 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Affected: < 7.49
    Affected: < 7.73
    Affected: < 7.74
    Affected: < 8.04
    Create a notification for this product.
    SAP SE ABAP Platform & Server (KERNEL) Affected: < 7.21
    Affected: < 7.45
    Affected: < 7.49
    Affected: < 7.53
    Affected: < 7.73
    Affected: < 7.74
    Affected: < 7.75
    Affected: < 8.04
    Create a notification for this product.
    Date Public
    2019-03-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.340Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "107377",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107377"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2727689"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ABAP Platform \u0026 Server (KRNL32NUC)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                }
              ]
            },
            {
              "product": "ABAP Platform \u0026 Server (KRNL32UC)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                }
              ]
            },
            {
              "product": "ABAP Platform \u0026 Server (KRNL64NUC)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.74"
                }
              ]
            },
            {
              "product": "ABAP Platform \u0026 Server (KRNL64UC)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.74"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.04"
                }
              ]
            },
            {
              "product": "ABAP Platform \u0026 Server (KERNEL)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.45"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.74"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.75"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.04"
                }
              ]
            }
          ],
          "datePublic": "2019-03-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing Authorization Check",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-14T09:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "name": "107377",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107377"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2727689"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0270",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ABAP Platform \u0026 Server (KRNL32NUC)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ABAP Platform \u0026 Server (KRNL32UC)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ABAP Platform \u0026 Server (KRNL64NUC)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.49"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.74"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ABAP Platform \u0026 Server (KRNL64UC)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.49"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.73"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.74"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.04"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ABAP Platform \u0026 Server (KERNEL)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.45"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.49"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.53"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.73"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.74"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.75"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.04"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing Authorization Check"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "107377",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107377"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2727689",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2727689"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0270",
        "datePublished": "2019-03-12T22:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.340Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0265 (GCVE-0-2019-0265)

    Vulnerability from nvd – Published: 2019-02-15 18:00 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE ABAP Platform (KRNL32NUC) Affected: < 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Create a notification for this product.
    SAP SE ABAP Platform (KRNL32UC) Affected: < 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Create a notification for this product.
    SAP SE ABAP Platform (KRNL64NUC) Affected: < 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Affected: < 7.49
    Create a notification for this product.
    SAP SE ABAP Platform (KRNL64UC) Affected: < 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Affected: < 7.49
    Affected: < 7.73
    Create a notification for this product.
    SAP SE ABAP Platform (KERNEL) Affected: < from 7.21 to 7.22
    Affected: < 7.45
    Affected: < 7.49
    Affected: < 7.53
    Affected: < 7.73
    Affected: < 7.75
    Create a notification for this product.
    Date Public
    2019-02-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.194Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
              },
              {
                "name": "106972",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106972"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2729710"
              },
              {
                "name": "107364",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107364"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ABAP Platform (KRNL32NUC)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                }
              ]
            },
            {
              "product": "ABAP Platform (KRNL32UC)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                }
              ]
            },
            {
              "product": "ABAP Platform (KRNL64NUC)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                }
              ]
            },
            {
              "product": "ABAP Platform (KRNL64UC)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                }
              ]
            },
            {
              "product": "ABAP Platform (KERNEL)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c from 7.21 to 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.45"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.75"
                }
              ]
            }
          ],
          "datePublic": "2019-02-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-13T09:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
            },
            {
              "name": "106972",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106972"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2729710"
            },
            {
              "name": "107364",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107364"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0265",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ABAP Platform (KRNL32NUC)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ABAP Platform (KRNL32UC)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ABAP Platform (KRNL64NUC)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.49"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ABAP Platform (KRNL64UC)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.49"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.73"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ABAP Platform (KERNEL)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "from 7.21 to 7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.45"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.49"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.53"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.73"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.75"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
                },
                {
                  "name": "106972",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106972"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2729710",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2729710"
                },
                {
                  "name": "107364",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107364"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0265",
        "datePublished": "2019-02-15T18:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.194Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0255 (GCVE-0-2019-0255)

    Vulnerability from nvd – Published: 2019-02-15 18:00 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'Easy Access Menu'. The situation can be misused by any user to leverage privileges to business functionality.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    sap
    References
    Date Public
    2019-02-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.318Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2723570"
              },
              {
                "name": "106987",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106987"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-02-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is \u0027Easy Access Menu\u0027. The situation can be misused by any user to leverage privileges to business functionality."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-16T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2723570"
            },
            {
              "name": "106987",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106987"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0255",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is \u0027Easy Access Menu\u0027. The situation can be misused by any user to leverage privileges to business functionality."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2723570",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2723570"
                },
                {
                  "name": "106987",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106987"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0255",
        "datePublished": "2019-02-15T18:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.318Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0304 (GCVE-0-2019-0304)

    Vulnerability from cvelistv5 – Published: 2019-06-12 14:21 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application.
    Severity
    No CVSS data available.
    CWE
    • Code Injection
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver AS ABAP Platform(KRNL32NUC) Affected: < 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Create a notification for this product.
    SAP SE SAP NetWeaver AS ABAP Platform(KRNL32UC) Affected: < 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Create a notification for this product.
    SAP SE SAP NetWeaver AS ABAP Platform(KRNL64NUC) Affected: < 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Affected: < 7.49
    Create a notification for this product.
    SAP SE SAP NetWeaver AS ABAP Platform(KRNL64UC) Affected: < 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Affected: < 7.49
    Affected: < 7.73
    Create a notification for this product.
    SAP SE SAP NetWeaver AS ABAP Platform(KERNEL) Affected: < 7.21
    Affected: < 7.45
    Affected: < 7.49
    Affected: < 7.53
    Affected: < 7.73
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.439Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2719530"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver AS ABAP Platform(KRNL32NUC)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                }
              ]
            },
            {
              "product": "SAP NetWeaver AS ABAP Platform(KRNL32UC)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                }
              ]
            },
            {
              "product": "SAP NetWeaver AS ABAP Platform(KRNL64NUC)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                }
              ]
            },
            {
              "product": "SAP NetWeaver AS ABAP Platform(KRNL64UC)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                }
              ]
            },
            {
              "product": "SAP NetWeaver AS ABAP Platform(KERNEL)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.45"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-12T16:11:08.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2719530"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0304",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver AS ABAP Platform(KRNL32NUC)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP NetWeaver AS ABAP Platform(KRNL32UC)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP NetWeaver AS ABAP Platform(KRNL64NUC)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.49"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP NetWeaver AS ABAP Platform(KRNL64UC)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.49"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.73"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP NetWeaver AS ABAP Platform(KERNEL)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.45"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.49"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.53"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.73"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Code Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2719530",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2719530"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0304",
        "datePublished": "2019-06-12T14:21:39.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.439Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0270 (GCVE-0-2019-0270)

    Vulnerability from cvelistv5 – Published: 2019-03-12 22:00 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04.
    Severity
    No CVSS data available.
    CWE
    • Missing Authorization Check
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE ABAP Platform & Server (KRNL32NUC) Affected: < 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Create a notification for this product.
    SAP SE ABAP Platform & Server (KRNL32UC) Affected: < 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Create a notification for this product.
    SAP SE ABAP Platform & Server (KRNL64NUC) Affected: < 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Affected: < 7.49
    Affected: < 7.74
    Create a notification for this product.
    SAP SE ABAP Platform & Server (KRNL64UC) Affected: < 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Affected: < 7.49
    Affected: < 7.73
    Affected: < 7.74
    Affected: < 8.04
    Create a notification for this product.
    SAP SE ABAP Platform & Server (KERNEL) Affected: < 7.21
    Affected: < 7.45
    Affected: < 7.49
    Affected: < 7.53
    Affected: < 7.73
    Affected: < 7.74
    Affected: < 7.75
    Affected: < 8.04
    Create a notification for this product.
    Date Public
    2019-03-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.340Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "107377",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107377"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2727689"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ABAP Platform \u0026 Server (KRNL32NUC)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                }
              ]
            },
            {
              "product": "ABAP Platform \u0026 Server (KRNL32UC)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                }
              ]
            },
            {
              "product": "ABAP Platform \u0026 Server (KRNL64NUC)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.74"
                }
              ]
            },
            {
              "product": "ABAP Platform \u0026 Server (KRNL64UC)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.74"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.04"
                }
              ]
            },
            {
              "product": "ABAP Platform \u0026 Server (KERNEL)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.45"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.74"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.75"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.04"
                }
              ]
            }
          ],
          "datePublic": "2019-03-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing Authorization Check",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-14T09:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "name": "107377",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107377"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2727689"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0270",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ABAP Platform \u0026 Server (KRNL32NUC)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ABAP Platform \u0026 Server (KRNL32UC)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ABAP Platform \u0026 Server (KRNL64NUC)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.49"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.74"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ABAP Platform \u0026 Server (KRNL64UC)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.49"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.73"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.74"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.04"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ABAP Platform \u0026 Server (KERNEL)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.45"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.49"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.53"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.73"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.74"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.75"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.04"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing Authorization Check"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "107377",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107377"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2727689",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2727689"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0270",
        "datePublished": "2019-03-12T22:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.340Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0265 (GCVE-0-2019-0265)

    Vulnerability from cvelistv5 – Published: 2019-02-15 18:00 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE ABAP Platform (KRNL32NUC) Affected: < 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Create a notification for this product.
    SAP SE ABAP Platform (KRNL32UC) Affected: < 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Create a notification for this product.
    SAP SE ABAP Platform (KRNL64NUC) Affected: < 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Affected: < 7.49
    Create a notification for this product.
    SAP SE ABAP Platform (KRNL64UC) Affected: < 7.21
    Affected: < 7.21EXT
    Affected: < 7.22
    Affected: < 7.22EXT
    Affected: < 7.49
    Affected: < 7.73
    Create a notification for this product.
    SAP SE ABAP Platform (KERNEL) Affected: < from 7.21 to 7.22
    Affected: < 7.45
    Affected: < 7.49
    Affected: < 7.53
    Affected: < 7.73
    Affected: < 7.75
    Create a notification for this product.
    Date Public
    2019-02-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.194Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
              },
              {
                "name": "106972",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106972"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2729710"
              },
              {
                "name": "107364",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107364"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ABAP Platform (KRNL32NUC)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                }
              ]
            },
            {
              "product": "ABAP Platform (KRNL32UC)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                }
              ]
            },
            {
              "product": "ABAP Platform (KRNL64NUC)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                }
              ]
            },
            {
              "product": "ABAP Platform (KRNL64UC)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.21"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.21EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                }
              ]
            },
            {
              "product": "ABAP Platform (KERNEL)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c from 7.21 to 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.45"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.75"
                }
              ]
            }
          ],
          "datePublic": "2019-02-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-13T09:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
            },
            {
              "name": "106972",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106972"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2729710"
            },
            {
              "name": "107364",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107364"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0265",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ABAP Platform (KRNL32NUC)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ABAP Platform (KRNL32UC)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ABAP Platform (KRNL64NUC)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.49"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ABAP Platform (KRNL64UC)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.21EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.49"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.73"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ABAP Platform (KERNEL)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "from 7.21 to 7.22"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.45"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.49"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.53"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.73"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.75"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
                },
                {
                  "name": "106972",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106972"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2729710",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2729710"
                },
                {
                  "name": "107364",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107364"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0265",
        "datePublished": "2019-02-15T18:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.194Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0255 (GCVE-0-2019-0255)

    Vulnerability from cvelistv5 – Published: 2019-02-15 18:00 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'Easy Access Menu'. The situation can be misused by any user to leverage privileges to business functionality.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    sap
    References
    Date Public
    2019-02-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.318Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2723570"
              },
              {
                "name": "106987",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106987"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-02-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is \u0027Easy Access Menu\u0027. The situation can be misused by any user to leverage privileges to business functionality."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-16T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2723570"
            },
            {
              "name": "106987",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106987"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0255",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is \u0027Easy Access Menu\u0027. The situation can be misused by any user to leverage privileges to business functionality."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2723570",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2723570"
                },
                {
                  "name": "106987",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106987"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0255",
        "datePublished": "2019-02-15T18:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.318Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }