Vulnerability Details : CVE-2019-0379
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle (BC), leading to Missing Authentication Check
Exploit prediction scoring system (EPSS) score for CVE-2019-0379
Probability of exploitation activity in the next 30 days: 0.09%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 38 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2019-0379
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2019-0379
-
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-0379
-
https://launchpad.support.sap.com/#/notes/2826015
SAP ONE Support Launchpad: Log OnPermissions Required
-
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050
Vendor Advisory
Products affected by CVE-2019-0379
- cpe:2.3:a:sap:process_integration:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:sap:process_integration:1.0:*:*:*:*:*:*:*