CVE-2019-0267

Summary

SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Manufacturing Integration and Intelligence< 15.0affected
SAP SESAP Manufacturing Integration and Intelligence< 15.1affected
SAP SESAP Manufacturing Integration and Intelligence< 15.2affected

Weaknesses

  • Cross-Site Request Forgery

ADP Enrichment

CVE Program Container

Additional References

References