Vulnerability Details : CVE-2019-0293
Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740).
Products affected by CVE-2019-0293
- cpe:2.3:a:sap:sap_solution_manager_system:2008_1_710:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_solution_manager_system:2008_1_740:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_solution_manager_system:2008_1_700:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-0293
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 46 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-0293
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2019-0293
-
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-0293
-
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032
SAP Security Patch Day – May 2019 - Product Security Response at SAP - SCN WikiVendor Advisory
-
https://launchpad.support.sap.com/#/notes/2756625
SAP ONE Support Launchpad: Log OnPermissions Required;Vendor Advisory
-
http://www.securityfocus.com/bid/108324
SAP Solution Manager CVE-2019-0293 Remote Authorization Bypass VulnerabilityThird Party Advisory;VDB Entry
Jump to