Vulnerability Description
SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'Easy Access Menu'. The situation can be misused by any user to leverage privileges to business functionality.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Advanced Business Application Programming Platform Kernel | 7.73 |
| Sap | Advanced Business Application Programming Platform Krnl64Nuc | 7.74 |
| Sap | Advanced Business Application Programming Platform Krnl64Uc | 7.73 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106987Third Party AdvisoryVDB Entry
- https://launchpad.support.sap.com/#/notes/2723570Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943Vendor Advisory
- http://www.securityfocus.com/bid/106987Third Party AdvisoryVDB Entry
- https://launchpad.support.sap.com/#/notes/2723570Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943Vendor Advisory
FAQ
What is CVE-2019-0255?
CVE-2019-0255 is a vulnerability with a CVSS score of 8.1 (HIGH). SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situ...
How severe is CVE-2019-0255?
CVE-2019-0255 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-0255?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Advanced Business Application Programming Platform Kernel, Sap Advanced Business Application Programming Platform Krnl64Nuc, Sap Advanced Business Application Programming Platform Krnl64Uc.