CVE-2019-0363 : Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Serv

Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload the server or retrieve information about internal network ports.

Published 2019-09-10 17:15:11

Updated 2020-08-24 17:37:01

Source SAP SE

View at NVD, CVE.org

Products affected by CVE-2019-0363

SAP » Hana Extended Application Services
Versions before (<) 1.0.118
cpe:2.3:a:sap:hana_extended_application_services:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-0363

EPSS FAQ

0.37%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 56 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-0363

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:P	8.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Partial
7.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H	2.8	4.2	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: High

References for CVE-2019-0363

https://launchpad.support.sap.com/#/notes/2817491

SAP ONE Support Launchpad: Log On
Permissions Required;Vendor Advisory

CVEs referencing this url
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506

SAP Security Patch Day – September 2019 - Product Security Response at SAP - SCN Wiki
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-0363

Products affected by CVE-2019-0363

Exploit prediction scoring system (EPSS) score for CVE-2019-0363

CVSS scores for CVE-2019-0363

References for CVE-2019-0363