CVE-2019-0293
N/A
N/A
Summary
Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP Solution Manager system (ST-PI) | < 2008_1_700 | affected |
| SAP SE | SAP Solution Manager system (ST-PI) | < 2008_1_710 | affected |
| SAP SE | SAP Solution Manager system (ST-PI) | < 7.4 | affected |
Weaknesses
- Missing Authorization Check
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032
- https://launchpad.support.sap.com/#/notes/2756625
- http://www.securityfocus.com/bid/108324
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032
- https://launchpad.support.sap.com/#/notes/2756625
- http://www.securityfocus.com/bid/108324
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.