ID CVE-2019-0381
Summary A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user.
References
Vulnerable Configurations
  • cpe:2.3:a:sap:dynamic_tier:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:sap:dynamic_tier:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:dynamic_tier:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:sap:dynamic_tier:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:sap_iq:16.1:*:*:*:*:*:*:*
    cpe:2.3:a:sap:sap_iq:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:sql_anywhere:17.0:*:*:*:*:*:*:*
    cpe:2.3:a:sap:sql_anywhere:17.0:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 15-10-2019 - 16:12)
Impact:
Exploitability:
CWE CWE-552
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
Last major update 15-10-2019 - 16:12
Published 08-10-2019 - 20:15
Back to Top