CVE-2019-0270
N/A
N/A
Summary
ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | ABAP Platform & Server (KRNL32NUC) | < 7.21 | affected |
| SAP SE | ABAP Platform & Server (KRNL32NUC) | < 7.21EXT | affected |
| SAP SE | ABAP Platform & Server (KRNL32NUC) | < 7.22 | affected |
| SAP SE | ABAP Platform & Server (KRNL32NUC) | < 7.22EXT | affected |
| SAP SE | ABAP Platform & Server (KRNL32UC) | < 7.21 | affected |
| SAP SE | ABAP Platform & Server (KRNL32UC) | < 7.21EXT | affected |
| SAP SE | ABAP Platform & Server (KRNL32UC) | < 7.22 | affected |
| SAP SE | ABAP Platform & Server (KRNL32UC) | < 7.22EXT | affected |
| SAP SE | ABAP Platform & Server (KRNL64NUC) | < 7.21 | affected |
| SAP SE | ABAP Platform & Server (KRNL64NUC) | < 7.21EXT | affected |
| SAP SE | ABAP Platform & Server (KRNL64NUC) | < 7.22 | affected |
| SAP SE | ABAP Platform & Server (KRNL64NUC) | < 7.22EXT | affected |
| SAP SE | ABAP Platform & Server (KRNL64NUC) | < 7.49 | affected |
| SAP SE | ABAP Platform & Server (KRNL64NUC) | < 7.74 | affected |
| SAP SE | ABAP Platform & Server (KRNL64UC) | < 7.21 | affected |
| SAP SE | ABAP Platform & Server (KRNL64UC) | < 7.21EXT | affected |
| SAP SE | ABAP Platform & Server (KRNL64UC) | < 7.22 | affected |
| SAP SE | ABAP Platform & Server (KRNL64UC) | < 7.22EXT | affected |
| SAP SE | ABAP Platform & Server (KRNL64UC) | < 7.49 | affected |
| SAP SE | ABAP Platform & Server (KRNL64UC) | < 7.73 | affected |
| SAP SE | ABAP Platform & Server (KRNL64UC) | < 7.74 | affected |
| SAP SE | ABAP Platform & Server (KRNL64UC) | < 8.04 | affected |
| SAP SE | ABAP Platform & Server (KERNEL) | < 7.21 | affected |
| SAP SE | ABAP Platform & Server (KERNEL) | < 7.45 | affected |
| SAP SE | ABAP Platform & Server (KERNEL) | < 7.49 | affected |
| SAP SE | ABAP Platform & Server (KERNEL) | < 7.53 | affected |
| SAP SE | ABAP Platform & Server (KERNEL) | < 7.73 | affected |
| SAP SE | ABAP Platform & Server (KERNEL) | < 7.74 | affected |
| SAP SE | ABAP Platform & Server (KERNEL) | < 7.75 | affected |
| SAP SE | ABAP Platform & Server (KERNEL) | < 8.04 | affected |
Weaknesses
- Missing Authorization Check
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/107377
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080
- https://launchpad.support.sap.com/#/notes/2727689
References
- http://www.securityfocus.com/bid/107377
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080
- https://launchpad.support.sap.com/#/notes/2727689
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.