CVE-2019-0265 (GCVE-0-2019-0265)
Vulnerability from cvelistv5 – Published: 2019-02-15 18:00 – Updated: 2024-08-04 17:44
VLAI?
Summary
SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SAP SE | ABAP Platform (KRNL32NUC) |
Affected:
< 7.21
Affected: < 7.21EXT Affected: < 7.22 Affected: < 7.22EXT |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:16.194Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
},
{
"name": "106972",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106972"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2729710"
},
{
"name": "107364",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107364"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ABAP Platform (KRNL32NUC)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.21"
},
{
"status": "affected",
"version": "\u003c 7.21EXT"
},
{
"status": "affected",
"version": "\u003c 7.22"
},
{
"status": "affected",
"version": "\u003c 7.22EXT"
}
]
},
{
"product": "ABAP Platform (KRNL32UC)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.21"
},
{
"status": "affected",
"version": "\u003c 7.21EXT"
},
{
"status": "affected",
"version": "\u003c 7.22"
},
{
"status": "affected",
"version": "\u003c 7.22EXT"
}
]
},
{
"product": "ABAP Platform (KRNL64NUC)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.21"
},
{
"status": "affected",
"version": "\u003c 7.21EXT"
},
{
"status": "affected",
"version": "\u003c 7.22"
},
{
"status": "affected",
"version": "\u003c 7.22EXT"
},
{
"status": "affected",
"version": "\u003c 7.49"
}
]
},
{
"product": "ABAP Platform (KRNL64UC)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.21"
},
{
"status": "affected",
"version": "\u003c 7.21EXT"
},
{
"status": "affected",
"version": "\u003c 7.22"
},
{
"status": "affected",
"version": "\u003c 7.22EXT"
},
{
"status": "affected",
"version": "\u003c 7.49"
},
{
"status": "affected",
"version": "\u003c 7.73"
}
]
},
{
"product": "ABAP Platform (KERNEL)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c from 7.21 to 7.22"
},
{
"status": "affected",
"version": "\u003c 7.45"
},
{
"status": "affected",
"version": "\u003c 7.49"
},
{
"status": "affected",
"version": "\u003c 7.53"
},
{
"status": "affected",
"version": "\u003c 7.73"
},
{
"status": "affected",
"version": "\u003c 7.75"
}
]
}
],
"datePublic": "2019-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-13T09:57:01",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
},
{
"name": "106972",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106972"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2729710"
},
{
"name": "107364",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107364"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2019-0265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ABAP Platform (KRNL32NUC)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.21"
},
{
"version_name": "\u003c",
"version_value": "7.21EXT"
},
{
"version_name": "\u003c",
"version_value": "7.22"
},
{
"version_name": "\u003c",
"version_value": "7.22EXT"
}
]
}
},
{
"product_name": "ABAP Platform (KRNL32UC)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.21"
},
{
"version_name": "\u003c",
"version_value": "7.21EXT"
},
{
"version_name": "\u003c",
"version_value": "7.22"
},
{
"version_name": "\u003c",
"version_value": "7.22EXT"
}
]
}
},
{
"product_name": "ABAP Platform (KRNL64NUC)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.21"
},
{
"version_name": "\u003c",
"version_value": "7.21EXT"
},
{
"version_name": "\u003c",
"version_value": "7.22"
},
{
"version_name": "\u003c",
"version_value": "7.22EXT"
},
{
"version_name": "\u003c",
"version_value": "7.49"
}
]
}
},
{
"product_name": "ABAP Platform (KRNL64UC)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.21"
},
{
"version_name": "\u003c",
"version_value": "7.21EXT"
},
{
"version_name": "\u003c",
"version_value": "7.22"
},
{
"version_name": "\u003c",
"version_value": "7.22EXT"
},
{
"version_name": "\u003c",
"version_value": "7.49"
},
{
"version_name": "\u003c",
"version_value": "7.73"
}
]
}
},
{
"product_name": "ABAP Platform (KERNEL)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "from 7.21 to 7.22"
},
{
"version_name": "\u003c",
"version_value": "7.45"
},
{
"version_name": "\u003c",
"version_value": "7.49"
},
{
"version_name": "\u003c",
"version_value": "7.53"
},
{
"version_name": "\u003c",
"version_value": "7.73"
},
{
"version_name": "\u003c",
"version_value": "7.75"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
},
{
"name": "106972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106972"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2729710",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2729710"
},
{
"name": "107364",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107364"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2019-0265",
"datePublished": "2019-02-15T18:00:00",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:44:16.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-0265\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2019-02-15T18:29:01.883\",\"lastModified\":\"2024-11-21T04:16:36.090\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75.\"},{\"lang\":\"es\",\"value\":\"El registro SLD de ABAP Platform permite que un atacante evite que usuarios leg\u00edtimos accedan a un servicio, ya sea cerrando o inundando el mismo. Se ha solucionado en las versiones KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT y 7.49. 7.73 KERNEL desde la 7.21 hasta la 7.22, 7.45, 7.49, 7.53, 7.73 y 7.75.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:P\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.21\",\"versionEndIncluding\":\"7.22\",\"matchCriteriaId\":\"F9691C8B-396D-418C-A890-68AE5867456D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.45:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3006D7F9-6D11-48A6-899B-2C2955C1A67D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.49:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2AFDC66-A5C4-4135-9A7F-1778B9DDF2EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CB213CC-4C71-4B3A-9D9F-C83594597447\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.73:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46C2954E-3626-4DC7-85CA-241B9E826337\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.75.:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"167F9908-D675-49CA-8983-279E12B5FB11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED21DC1E-A53A-4E92-83F0-7455EBEFA3A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.21ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93910493-4A5E-4E14-B6FD-6A5B175AE664\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6B9301C-C221-4345-A006-DA7B12E93D1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.22ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A2B2EC5-A03F-4EBB-BCAF-526DE7EFE2BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"940B8331-6D22-418A-9D17-B14DAB035FE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.21ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D191560-7559-4D90-A593-261C4FD6458D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01A83003-D709-4E48-8CBE-2AA40274ADA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.22ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"471132DF-5B9A-4124-B75F-A09EA02C9CE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A50F5C48-173B-487A-8DD1-06A921E37602\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.21ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD2EBEA5-D698-4595-A654-DEA58C948C78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A901C3A0-E763-4133-9F1F-CDB5AE45A6E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.22ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE5B551B-0CD5-4800-9A0D-B5B36AD6BCCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.49:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4ED75DB6-7FF6-43CD-9801-7C8410042833\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CC9A5B1-F1B2-4804-BABD-2CAEA06BCC42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.21ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5D40A13-C630-4E43-A44B-76CAB09FF2C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26486715-DC64-4AC6-A60D-01254A75C19C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.22ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6953A3D-8BD4-45DA-A872-6222CB6C1B77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.49:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C3A6702-3A41-4DA5-B705-AAC77A097AC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.73:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80296DDD-A3B9-4A7F-B831-DC064A85CE38\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/106972\",\"source\":\"cna@sap.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/107364\",\"source\":\"cna@sap.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/2729710\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/106972\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/107364\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/2729710\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…