CVE-2019-0365 : SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EX

SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.

Published 2019-09-10 17:15:11

Updated 2020-08-24 17:37:01

Source SAP SE

View at NVD, CVE.org

Products affected by CVE-2019-0365

SAP » Sap Kernel » Version: 7.49
cpe:2.3:a:sap:sap_kernel:7.49:*:*:*:*:*:*:*
Matching versions
SAP » Sap Kernel » Version: 7.21
cpe:2.3:a:sap:sap_kernel:7.21:*:*:*:*:*:*:*
Matching versions
SAP » Sap Kernel » Version: 7.73
cpe:2.3:a:sap:sap_kernel:7.73:*:*:*:*:*:*:*
Matching versions
SAP » Sap Kernel » Version: 7.53
cpe:2.3:a:sap:sap_kernel:7.53:*:*:*:*:*:*:*
Matching versions
SAP » Sap Kernel » Version: 7.76
cpe:2.3:a:sap:sap_kernel:7.76:*:*:*:*:*:*:*
Matching versions
SAP » Sap Kernel Krnl32nuc » Version: 7.22ext
cpe:2.3:a:sap:sap_kernel_krnl32nuc:7.22ext:*:*:*:*:*:*:*
Matching versions
SAP » Sap Kernel Krnl32nuc » Version: 7.21ext
cpe:2.3:a:sap:sap_kernel_krnl32nuc:7.21ext:*:*:*:*:*:*:*
Matching versions
SAP » Sap Kernel Krnl32nuc » Version: 7.21
cpe:2.3:a:sap:sap_kernel_krnl32nuc:7.21:*:*:*:*:*:*:*
Matching versions
SAP » Sap Kernel Krnl32nuc » Version: 7.22
cpe:2.3:a:sap:sap_kernel_krnl32nuc:7.22:*:*:*:*:*:*:*
Matching versions
SAP » Sap Kernel Krnl32uc » Version: 7.21
cpe:2.3:a:sap:sap_kernel_krnl32uc:7.21:*:*:*:*:*:*:*
Matching versions
SAP » Sap Kernel Krnl32uc » Version: 7.21ext
cpe:2.3:a:sap:sap_kernel_krnl32uc:7.21ext:*:*:*:*:*:*:*
Matching versions
SAP » Sap Kernel Krnl32uc » Version: 7.22
cpe:2.3:a:sap:sap_kernel_krnl32uc:7.22:*:*:*:*:*:*:*
Matching versions
SAP » Sap Kernel Krnl32uc » Version: 7.22ext
cpe:2.3:a:sap:sap_kernel_krnl32uc:7.22ext:*:*:*:*:*:*:*
Matching versions
SAP » Sap Kernel Krnl64nuc » Version: 7.21
cpe:2.3:a:sap:sap_kernel_krnl64nuc:7.21:*:*:*:*:*:*:*
Matching versions
SAP » Sap Kernel Krnl64nuc » Version: 7.22
cpe:2.3:a:sap:sap_kernel_krnl64nuc:7.22:*:*:*:*:*:*:*
Matching versions
SAP » Sap Kernel Krnl64nuc » Version: 7.21ext
cpe:2.3:a:sap:sap_kernel_krnl64nuc:7.21ext:*:*:*:*:*:*:*
Matching versions
SAP » Sap Kernel Krnl64nuc » Version: 7.22ext
cpe:2.3:a:sap:sap_kernel_krnl64nuc:7.22ext:*:*:*:*:*:*:*
Matching versions
SAP » Sap Kernel Krnl64uc » Version: 7.22
cpe:2.3:a:sap:sap_kernel_krnl64uc:7.22:*:*:*:*:*:*:*
Matching versions
SAP » Sap Kernel Krnl64uc » Version: 7.22ext
cpe:2.3:a:sap:sap_kernel_krnl64uc:7.22ext:*:*:*:*:*:*:*
Matching versions
SAP » Sap Kernel Krnl64uc » Version: 7.49
cpe:2.3:a:sap:sap_kernel_krnl64uc:7.49:*:*:*:*:*:*:*
Matching versions
SAP » Sap Kernel Krnl64uc » Version: 7.73
cpe:2.3:a:sap:sap_kernel_krnl64uc:7.73:*:*:*:*:*:*:*
Matching versions
SAP » Sap Kernel Krnl64uc » Version: 7.21ext
cpe:2.3:a:sap:sap_kernel_krnl64uc:7.21ext:*:*:*:*:*:*:*
Matching versions
SAP » Sap Kernel Krnl64uc » Version: 7.21
cpe:2.3:a:sap:sap_kernel_krnl64uc:7.21:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-0365

EPSS FAQ

0.32%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 52 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-0365

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

References for CVE-2019-0365

https://launchpad.support.sap.com/#/notes/2786151

SAP ONE Support Launchpad: Log On
Permissions Required;Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506

SAP Security Patch Day – September 2019 - Product Security Response at SAP - SCN Wiki
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-0365

Products affected by CVE-2019-0365

Exploit prediction scoring system (EPSS) score for CVE-2019-0365

CVSS scores for CVE-2019-0365

References for CVE-2019-0365