CVE-2019-0278

Summary

Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver Process Integration (Messaging System)< 7.10 to 7.11affected
SAP SESAP NetWeaver Process Integration (Messaging System)< 7.20affected
SAP SESAP NetWeaver Process Integration (Messaging System)< 7.30affected
SAP SESAP NetWeaver Process Integration (Messaging System)< 7.31affected
SAP SESAP NetWeaver Process Integration (Messaging System)< 7.40affected
SAP SESAP NetWeaver Process Integration (Messaging System)< 7.50affected

Weaknesses

  • Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure.

ADP Enrichment

CVE Program Container

Additional References

References