CVE-2019-0399 — MEDIUM (6.5)

Vulnerability Description

SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740; unintentionally allows a user to discover accounting information of the Projects in Project dashboard, leading to Information Disclosure.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Sap	Portfolio And Project Management	cprxrpm_500_702

References

https://launchpad.support.sap.com/#/notes/2803554Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397Vendor Advisory
https://launchpad.support.sap.com/#/notes/2803554Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397Vendor Advisory

FAQ

What is CVE-2019-0399?

CVE-2019-0399 is a vulnerability with a CVSS score of 6.5 (MEDIUM). SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740; unintentionally allows a user to discover accounting information of the Projects ...

How severe is CVE-2019-0399?

CVE-2019-0399 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-0399?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Portfolio And Project Management.