CVE-2019-0257

Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Published: Feb 15, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-0257
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
sap / netweaver_as_abap	7.10	7.11.x
sap / netweaver_as_abap	7.74	7.75.x
sap / netweaver_application_server_abap	7.31	7.31.x
sap / netweaver_application_server_abap	7.0	7.02.x
sap / netweaver_application_server_abap	7.30	7.30.x
sap / netweaver_application_server_abap	7.40	7.40.x
sap / netweaver_application_server_abap	7.50	7.53.x

http://www.securityfocus.com/bid/106999
https://launchpad.support.sap.com/#/notes/2728839
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943

Vulnerability Database

289,784

CVE-2019-0257