Vulnerability Details : CVE-2019-0278
Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2019-0278
Probability of exploitation activity in the next 30 days: 0.05%
Percentile (the proportion of vulnerabilities scored at or below this one): ~21%
CVSS scores for CVE-2019-0278
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST |
4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | NIST |
References for CVE-2019-0278
- https://launchpad.support.sap.com/#/notes/2741201
  SAP ONE Support Launchpad: Log On (Permissions Required; Vendor Advisory)
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114
  SAP Security Patch Day – April 2019 - Product Security Response at SAP - SCN Wiki (Vendor Advisory)
Products affected by CVE-2019-0278
- cpe:2.3:a:sap:netweaver_process_integration:7.11:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_process_integration:7.30:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_process_integration:7.40:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_process_integration:7.10:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_process_integration:7.20:*:*:*:*:*:*:*