CVE-2019-0282
N/A
N/A
Summary
Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which can be misused by the attacker.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP NetWeaver Process Integration (Runtime Workbench) | < from 7.10 to 7.11 | affected |
| SAP SE | SAP NetWeaver Process Integration (Runtime Workbench) | < 7.30 | affected |
| SAP SE | SAP NetWeaver Process Integration (Runtime Workbench) | < 7.31 | affected |
| SAP SE | SAP NetWeaver Process Integration (Runtime Workbench) | < 7.40 | affected |
| SAP SE | SAP NetWeaver Process Integration (Runtime Workbench) | < 7.50 | affected |
Weaknesses
- Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which can be misused by the attacker.
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114
- https://launchpad.support.sap.com/#/notes/2742758
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114
- https://launchpad.support.sap.com/#/notes/2742758
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.