Vulnerability Details: CVE-2019-0261
Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack)).
Products affected by CVE-2019-0261
- cpe:2.3:a:sap:landscape_management:3.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-0261
- EPSS score: 3.35% (probability of exploitation activity in the next 30 days)
- Percentile: ~86% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2019-0261
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2019-0261
- The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-0261
- https://launchpad.support.sap.com/#/notes/2742027
  SAP ONE Support Launchpad: Log On (Permissions Required; Vendor Advisory)
- http://www.securityfocus.com/bid/106986
  SAP HANA CVE-2019-0261 Authentication Bypass Vulnerability (Third Party Advisory; VDB Entry)
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943
  SAP Security Patch Day – February 2019 - Product Security Response at SAP - SCN Wiki (Vendor Advisory)