CVE-2019-0293

Summary

Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740).

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Solution Manager system (ST-PI)< 2008_1_700affected
SAP SESAP Solution Manager system (ST-PI)< 2008_1_710affected
SAP SESAP Solution Manager system (ST-PI)< 7.4affected

Weaknesses

  • Missing Authorization Check

ADP Enrichment

CVE Program Container

Additional References

References