Vulnerability Description
SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Enable Now | < 1911 |
Related Weaknesses (CWE)
References
- https://launchpad.support.sap.com/#/notes/2845183Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397Vendor Advisory
- https://launchpad.support.sap.com/#/notes/2845183Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397Vendor Advisory
FAQ
What is CVE-2019-0403?
CVE-2019-0403 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.
How severe is CVE-2019-0403?
CVE-2019-0403 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-0403?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Enable Now.