CVE-2019-0293 - Read of RFC destination does not always perform necessary authorization checks, resulting in escalat

CVE-2019-0293

Summary

Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740).

References

Vulnerable Configurations

cpe:2.3:a:sap:sap_solution_manager_system:2008_1_700:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_solution_manager_system:2008_1_700:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_solution_manager_system:2008_1_710:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_solution_manager_system:2008_1_710:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_solution_manager_system:2008_1_740:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_solution_manager_system:2008_1_740:*:*:*:*:*:*:*

CVSS

Base:	4.0 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

CWE-862

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:N/A:N

refmap via4

bid	108324
misc	https://launchpad.support.sap.com/#/notes/2756625 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032

Last major update

24-08-2020 - 17:37

Published

14-05-2019 - 21:29

Last modified

24-08-2020 - 17:37