CVE-2019-0304
Vulnerability from cvelistv5
Published
2019-06-12 14:21
Modified
2024-08-04 17:44
Severity ?
EPSS score ?
Summary
FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/2719530 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2719530 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | SAP SE | SAP NetWeaver AS ABAP Platform(KRNL32NUC) |
Version: < 7.21 Version: < 7.21EXT Version: < 7.22 Version: < 7.22EXT |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:16.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2719530"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver AS ABAP Platform(KRNL32NUC)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.21"
},
{
"status": "affected",
"version": "\u003c 7.21EXT"
},
{
"status": "affected",
"version": "\u003c 7.22"
},
{
"status": "affected",
"version": "\u003c 7.22EXT"
}
]
},
{
"product": "SAP NetWeaver AS ABAP Platform(KRNL32UC)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.21"
},
{
"status": "affected",
"version": "\u003c 7.21EXT"
},
{
"status": "affected",
"version": "\u003c 7.22"
},
{
"status": "affected",
"version": "\u003c 7.22EXT"
}
]
},
{
"product": "SAP NetWeaver AS ABAP Platform(KRNL64NUC)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.21"
},
{
"status": "affected",
"version": "\u003c 7.21EXT"
},
{
"status": "affected",
"version": "\u003c 7.22"
},
{
"status": "affected",
"version": "\u003c 7.22EXT"
},
{
"status": "affected",
"version": "\u003c 7.49"
}
]
},
{
"product": "SAP NetWeaver AS ABAP Platform(KRNL64UC)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.21"
},
{
"status": "affected",
"version": "\u003c 7.21EXT"
},
{
"status": "affected",
"version": "\u003c 7.22"
},
{
"status": "affected",
"version": "\u003c 7.22EXT"
},
{
"status": "affected",
"version": "\u003c 7.49"
},
{
"status": "affected",
"version": "\u003c 7.73"
}
]
},
{
"product": "SAP NetWeaver AS ABAP Platform(KERNEL)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.21"
},
{
"status": "affected",
"version": "\u003c 7.45"
},
{
"status": "affected",
"version": "\u003c 7.49"
},
{
"status": "affected",
"version": "\u003c 7.53"
},
{
"status": "affected",
"version": "\u003c 7.73"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-12T16:11:08",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2719530"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2019-0304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS ABAP Platform(KRNL32NUC)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.21"
},
{
"version_name": "\u003c",
"version_value": "7.21EXT"
},
{
"version_name": "\u003c",
"version_value": "7.22"
},
{
"version_name": "\u003c",
"version_value": "7.22EXT"
}
]
}
},
{
"product_name": "SAP NetWeaver AS ABAP Platform(KRNL32UC)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.21"
},
{
"version_name": "\u003c",
"version_value": "7.21EXT"
},
{
"version_name": "\u003c",
"version_value": "7.22"
},
{
"version_name": "\u003c",
"version_value": "7.22EXT"
}
]
}
},
{
"product_name": "SAP NetWeaver AS ABAP Platform(KRNL64NUC)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.21"
},
{
"version_name": "\u003c",
"version_value": "7.21EXT"
},
{
"version_name": "\u003c",
"version_value": "7.22"
},
{
"version_name": "\u003c",
"version_value": "7.22EXT"
},
{
"version_name": "\u003c",
"version_value": "7.49"
}
]
}
},
{
"product_name": "SAP NetWeaver AS ABAP Platform(KRNL64UC)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.21"
},
{
"version_name": "\u003c",
"version_value": "7.21EXT"
},
{
"version_name": "\u003c",
"version_value": "7.22"
},
{
"version_name": "\u003c",
"version_value": "7.22EXT"
},
{
"version_name": "\u003c",
"version_value": "7.49"
},
{
"version_name": "\u003c",
"version_value": "7.73"
}
]
}
},
{
"product_name": "SAP NetWeaver AS ABAP Platform(KERNEL)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.21"
},
{
"version_name": "\u003c",
"version_value": "7.45"
},
{
"version_name": "\u003c",
"version_value": "7.49"
},
{
"version_name": "\u003c",
"version_value": "7.53"
},
{
"version_name": "\u003c",
"version_value": "7.73"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2719530",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2719530"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2019-0304",
"datePublished": "2019-06-12T14:21:39",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:44:16.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-0304\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2019-06-12T15:29:00.223\",\"lastModified\":\"2024-11-21T04:16:39.340\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n FTP de SAP NetWeaver AS ABAP Platform, versiones- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22EXT, 7.49, KRNL6464 7.21 EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, permite a un atacante inyectar un c\u00f3digo o un comando espec\u00edficamente manipulado que puede ser ejecutado por la aplicaci\u00f3n. Por lo tanto, un atacante podr\u00eda de este modo controlar el comportamiento de la aplicaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-74\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8EBCD0F-ED63-4C55-9DB4-63DE8F0751CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.45:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3006D7F9-6D11-48A6-899B-2C2955C1A67D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.49:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2AFDC66-A5C4-4135-9A7F-1778B9DDF2EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CB213CC-4C71-4B3A-9D9F-C83594597447\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.73:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46C2954E-3626-4DC7-85CA-241B9E826337\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED21DC1E-A53A-4E92-83F0-7455EBEFA3A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.21ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93910493-4A5E-4E14-B6FD-6A5B175AE664\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6B9301C-C221-4345-A006-DA7B12E93D1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.22ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A2B2EC5-A03F-4EBB-BCAF-526DE7EFE2BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"940B8331-6D22-418A-9D17-B14DAB035FE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.21ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D191560-7559-4D90-A593-261C4FD6458D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01A83003-D709-4E48-8CBE-2AA40274ADA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.22ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"471132DF-5B9A-4124-B75F-A09EA02C9CE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A50F5C48-173B-487A-8DD1-06A921E37602\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.21ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD2EBEA5-D698-4595-A654-DEA58C948C78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A901C3A0-E763-4133-9F1F-CDB5AE45A6E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.22ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE5B551B-0CD5-4800-9A0D-B5B36AD6BCCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.49:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4ED75DB6-7FF6-43CD-9801-7C8410042833\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CC9A5B1-F1B2-4804-BABD-2CAEA06BCC42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.21ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5D40A13-C630-4E43-A44B-76CAB09FF2C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26486715-DC64-4AC6-A60D-01254A75C19C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.22ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6953A3D-8BD4-45DA-A872-6222CB6C1B77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.49:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C3A6702-3A41-4DA5-B705-AAC77A097AC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.73:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80296DDD-A3B9-4A7F-B831-DC064A85CE38\"}]}]}],\"references\":[{\"url\":\"https://launchpad.support.sap.com/#/notes/2719530\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/2719530\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.