CVE-2019-0282

Summary

Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which can be misused by the attacker.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver Process Integration (Runtime Workbench)< from 7.10 to 7.11affected
SAP SESAP NetWeaver Process Integration (Runtime Workbench)< 7.30affected
SAP SESAP NetWeaver Process Integration (Runtime Workbench)< 7.31affected
SAP SESAP NetWeaver Process Integration (Runtime Workbench)< 7.40affected
SAP SESAP NetWeaver Process Integration (Runtime Workbench)< 7.50affected

Weaknesses

  • Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which can be misused by the attacker.

ADP Enrichment

CVE Program Container

Additional References

References