CVE-2019-0293 - Vulnerability Details - OpenCVE

Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740).

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sap	Sap Solution Manager System

Configuration 1 [-]

OR	cpe:2.3:a:sap:sap_solution_manager_system:2008_1_700:::::::*
	cpe:2.3:a:sap:sap_solution_manager_system:2008_1_710:::::::*
	cpe:2.3:a:sap:sap_solution_manager_system:2008_1_740:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/108324
https://launchpad.support.sap.com/#/notes/2756625
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032

History

No history.

MITRE

Status: PUBLISHED

Assigner: sap

Published: 2019-05-14T20:21:40

Updated: 2024-08-04T17:44:16.414Z

Reserved: 2018-11-26T00:00:00

Link: CVE-2019-0293

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-05-14T21:29:00.810

Modified: 2024-11-21T04:16:38.823

Link: CVE-2019-0293

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "SAP Solution Manager system (ST-PI)", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "< 2008_1_700"}, {"status": "affected", "version": "< 2008_1_710"}, {"status": "affected", "version": "< 7.4"}]}], "descriptions": [{"lang": "en", "value": "Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740)."}], "problemTypes": [{"descriptions": [{"description": "Missing Authorization Check", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-05-14T21:06:12", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032"}, {"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/2756625"}, {"name": "108324", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108324"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2019-0293", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP Solution Manager system (ST-PI)", "version": {"version_data": [{"version_name": "<", "version_value": "2008_1_700"}, {"version_name": "<", "version_value": "2008_1_710"}, {"version_name": "<", "version_value": "7.4"}]}}]}, "vendor_name": "SAP SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Missing Authorization Check"}]}]}, "references": {"reference_data": [{"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032", "refsource": "MISC", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032"}, {"name": "https://launchpad.support.sap.com/#/notes/2756625", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/2756625"}, {"name": "108324", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108324"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:44:16.414Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpad.support.sap.com/#/notes/2756625"}, {"name": "108324", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/108324"}]}]}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2019-0293", "datePublished": "2019-05-14T20:21:40", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2024-08-04T17:44:16.414Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:sap_solution_manager_system:2008_1_700:*:*:*:*:*:*:*", "matchCriteriaId": "9B2DACCF-66D4-44C5-B495-0B7755BA9302", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_solution_manager_system:2008_1_710:*:*:*:*:*:*:*", "matchCriteriaId": "2AC51B76-E8B0-4D33-B4EF-EA1E4197ECDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_solution_manager_system:2008_1_740:*:*:*:*:*:*:*", "matchCriteriaId": "E5E7D4CD-A31E-4DB7-BC58-95292BBD0560", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740)."}, {"lang": "es", "value": "La lectura del destino de RFC no siempre realiza la comprobaci\u00f3n de autorizaci\u00f3n, dando como resultado una escalada de privilegios para acceder a la informaci\u00f3n en los destinos en RFC en sistemas administrados y en sistemas SAP Solution Manager ( ST-PI, versiones anteriores 2008_1_700, 2008_1_710, and 740)."}], "id": "CVE-2019-0293", "lastModified": "2024-11-21T04:16:38.823", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-14T21:29:00.810", "references": [{"source": "cna@sap.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/108324"}, {"source": "cna@sap.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2756625"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/108324"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2756625"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}