CVE-2019-0270

Summary

ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04.

Affected Software

VendorProductVersion RangeStatus
SAP SEABAP Platform & Server (KRNL32NUC)< 7.21affected
SAP SEABAP Platform & Server (KRNL32NUC)< 7.21EXTaffected
SAP SEABAP Platform & Server (KRNL32NUC)< 7.22affected
SAP SEABAP Platform & Server (KRNL32NUC)< 7.22EXTaffected
SAP SEABAP Platform & Server (KRNL32UC)< 7.21affected
SAP SEABAP Platform & Server (KRNL32UC)< 7.21EXTaffected
SAP SEABAP Platform & Server (KRNL32UC)< 7.22affected
SAP SEABAP Platform & Server (KRNL32UC)< 7.22EXTaffected
SAP SEABAP Platform & Server (KRNL64NUC)< 7.21affected
SAP SEABAP Platform & Server (KRNL64NUC)< 7.21EXTaffected
SAP SEABAP Platform & Server (KRNL64NUC)< 7.22affected
SAP SEABAP Platform & Server (KRNL64NUC)< 7.22EXTaffected
SAP SEABAP Platform & Server (KRNL64NUC)< 7.49affected
SAP SEABAP Platform & Server (KRNL64NUC)< 7.74affected
SAP SEABAP Platform & Server (KRNL64UC)< 7.21affected
SAP SEABAP Platform & Server (KRNL64UC)< 7.21EXTaffected
SAP SEABAP Platform & Server (KRNL64UC)< 7.22affected
SAP SEABAP Platform & Server (KRNL64UC)< 7.22EXTaffected
SAP SEABAP Platform & Server (KRNL64UC)< 7.49affected
SAP SEABAP Platform & Server (KRNL64UC)< 7.73affected
SAP SEABAP Platform & Server (KRNL64UC)< 7.74affected
SAP SEABAP Platform & Server (KRNL64UC)< 8.04affected
SAP SEABAP Platform & Server (KERNEL)< 7.21affected
SAP SEABAP Platform & Server (KERNEL)< 7.45affected
SAP SEABAP Platform & Server (KERNEL)< 7.49affected
SAP SEABAP Platform & Server (KERNEL)< 7.53affected
SAP SEABAP Platform & Server (KERNEL)< 7.73affected
SAP SEABAP Platform & Server (KERNEL)< 7.74affected
SAP SEABAP Platform & Server (KERNEL)< 7.75affected
SAP SEABAP Platform & Server (KERNEL)< 8.04affected

Weaknesses

  • Missing Authorization Check

ADP Enrichment

CVE Program Container

Additional References

References