CVE-2019-0328 - Vulnerability Details - OpenCVE

ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sap	Netweaver Process Integration

Configuration 1 [-]

OR	cpe:2.3:a:sap:netweaver_process_integration:7.0:::::::*
	cpe:2.3:a:sap:netweaver_process_integration:7.1:::::::*
	cpe:2.3:a:sap:netweaver_process_integration:7.3:::::::*
	cpe:2.3:a:sap:netweaver_process_integration:7.4:::::::*
	cpe:2.3:a:sap:netweaver_process_integration:7.5:::::::*
	cpe:2.3:a:sap:netweaver_process_integration:7.31:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/109067
https://launchpad.support.sap.com/#/notes/2774489
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575

History

No history.

MITRE

Status: PUBLISHED

Assigner: sap

Published: 2019-07-10T19:10:37

Updated: 2024-08-04T17:44:16.476Z

Reserved: 2018-11-26T00:00:00

Link: CVE-2019-0328

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-07-10T20:15:12.123

Modified: 2024-11-21T04:16:41.410

Link: CVE-2019-0328

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "SAP NetWeaver Process Integration ABAP tests (SAP Basis)", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "< 7.0"}, {"status": "affected", "version": "< 7.1"}, {"status": "affected", "version": "< 7.3"}, {"status": "affected", "version": "< 7.31"}, {"status": "affected", "version": "< 7.4"}, {"status": "affected", "version": "< 7.5"}]}], "descriptions": [{"lang": "en", "value": "ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system."}], "problemTypes": [{"descriptions": [{"description": "Code Injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-10T19:10:42", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"name": "109067", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/109067"}, {"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/2774489"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2019-0328", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP NetWeaver Process Integration ABAP tests (SAP Basis)", "version": {"version_data": [{"version_name": "<", "version_value": "7.0"}, {"version_name": "<", "version_value": "7.1"}, {"version_name": "<", "version_value": "7.3"}, {"version_name": "<", "version_value": "7.31"}, {"version_name": "<", "version_value": "7.4"}, {"version_name": "<", "version_value": "7.5"}]}}]}, "vendor_name": "SAP SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Code Injection"}]}]}, "references": {"reference_data": [{"name": "109067", "refsource": "BID", "url": "http://www.securityfocus.com/bid/109067"}, {"name": "https://launchpad.support.sap.com/#/notes/2774489", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/2774489"}, {"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575", "refsource": "CONFIRM", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:44:16.476Z"}, "title": "CVE Program Container", "references": [{"name": "109067", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/109067"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpad.support.sap.com/#/notes/2774489"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"}]}]}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2019-0328", "datePublished": "2019-07-10T19:10:37", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2024-08-04T17:44:16.476Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1785FB0A-AC85-4BFC-A9E2-41A9664D8DAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "6594C3CC-D474-4FB7-8B00-C6303EC6F254", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "E23F15D6-6410-4255-9D96-D4795CCB33A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "8A673172-AFA8-4613-9A1D-CC994395DB31", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "7482316A-99DB-48B2-ABEF-645BC92ACB01", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*", "matchCriteriaId": "587D81FB-B2ED-4184-9258-A38A18B36DC5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system."}, {"lang": "es", "value": "ABAP Tests Modules (SAP Basis, versiones 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) de SAP NetWeaver Process Integration, permiten a un atacante la ejecuci\u00f3n de comandos del sistema operativo con derechos privilegiados. Un atacante podr\u00eda afectar la integridad y disponibilidad del sistema."}], "id": "CVE-2019-0328", "lastModified": "2024-11-21T04:16:41.410", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-10T20:15:12.123", "references": [{"source": "cna@sap.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/109067"}, {"source": "cna@sap.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2774489"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/109067"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2774489"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}