CVE-2019-0293 — MEDIUM (6.5)

Vulnerability Description

Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740).

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Sap	Sap Solution Manager System	2008_1_700

Related Weaknesses (CWE)

CWE-862

References

http://www.securityfocus.com/bid/108324Third Party AdvisoryVDB Entry
https://launchpad.support.sap.com/#/notes/2756625Permissions RequiredVendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032Vendor Advisory
http://www.securityfocus.com/bid/108324Third Party AdvisoryVDB Entry
https://launchpad.support.sap.com/#/notes/2756625Permissions RequiredVendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032Vendor Advisory

FAQ

What is CVE-2019-0293?

CVE-2019-0293 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Mana...

How severe is CVE-2019-0293?

CVE-2019-0293 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-0293?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Sap Solution Manager System.