{"containers": {"cna": {"affected": [{"product": "SAP NetWeaver Application Server Java (J2EE-Framework)", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "< 7.1"}, {"status": "affected", "version": "< 7.2"}, {"status": "affected", "version": "< 7.3"}, {"status": "affected", "version": "< 7.31"}, {"status": "affected", "version": "< 7.4"}, {"status": "affected", "version": "< 7.5"}]}], "descriptions": [{"lang": "en", "value": "An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise."}], "problemTypes": [{"descriptions": [{"description": "Other", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-13T21:58:44", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/2814357"}, {"tags": ["x_refsource_MISC"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2019-0389", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP NetWeaver Application Server Java (J2EE-Framework)", "version": {"version_data": [{"version_name": "<", "version_value": "7.1"}, {"version_name": "<", "version_value": "7.2"}, {"version_name": "<", "version_value": "7.3"}, {"version_name": "<", "version_value": "7.31"}, {"version_name": "<", "version_value": "7.4"}, {"version_name": "<", "version_value": "7.5"}]}}]}, "vendor_name": "SAP SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Other"}]}]}, "references": {"reference_data": [{"name": "https://launchpad.support.sap.com/#/notes/2814357", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/2814357"}, {"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390", "refsource": "MISC", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:51:26.664Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpad.support.sap.com/#/notes/2814357"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"}]}]}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2019-0389", "datePublished": "2019-11-13T21:58:44", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2024-08-04T17:51:26.664Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "ADA4F6C9-1CB3-4D82-AD9B-F0BD8203CC83", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "ADA6C739-64A9-4B97-90AE-8F8EF7025A10", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "4FEABB91-A615-426E-A652-5390C1B21A03", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "5AF1183A-3410-4E08-9473-3FF36C2096FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "CFF5713B-C0C4-4062-BC6F-0BBD1E6FF620", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.31:*:*:*:*:*:*:*", "matchCriteriaId": "EEAE6C2A-821F-4123-BD56-0FDADF9D63C8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise."}, {"lang": "es", "value": "Un administrador de SAP NetWeaver Application Server Java (J2EE-Framework), (corregido en las versiones 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), puede cambiar los privilegios para todas o algunas funciones en Java Server, y permitir a usuarios ejecutar funciones, que no son permitidas ejecutar de otro modo."}], "id": "CVE-2019-0389", "lastModified": "2024-11-21T04:16:47.110", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-13T22:15:11.617", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2814357"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2814357"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}