CVE-2019-0381 - A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dyn

CVE-2019-0381

Summary

A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user.

References

https://launchpad.support.sap.com/#/notes/2792430
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050

Vulnerable Configurations

cpe:2.3:a:sap:dynamic_tier:1.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:dynamic_tier:1.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:dynamic_tier:2.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:dynamic_tier:2.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_iq:16.1:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_iq:16.1:*:*:*:*:*:*:*
cpe:2.3:a:sap:sql_anywhere:17.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:sql_anywhere:17.0:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 15-10-2019 - 16:12)
Impact:
Exploitability:

CWE

CWE-552

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

Last major update

15-10-2019 - 16:12

Published

08-10-2019 - 20:15