CVE-2019-0304

Summary

FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS ABAP Platform(KRNL32NUC)< 7.21affected
SAP SESAP NetWeaver AS ABAP Platform(KRNL32NUC)< 7.21EXTaffected
SAP SESAP NetWeaver AS ABAP Platform(KRNL32NUC)< 7.22affected
SAP SESAP NetWeaver AS ABAP Platform(KRNL32NUC)< 7.22EXTaffected
SAP SESAP NetWeaver AS ABAP Platform(KRNL32UC)< 7.21affected
SAP SESAP NetWeaver AS ABAP Platform(KRNL32UC)< 7.21EXTaffected
SAP SESAP NetWeaver AS ABAP Platform(KRNL32UC)< 7.22affected
SAP SESAP NetWeaver AS ABAP Platform(KRNL32UC)< 7.22EXTaffected
SAP SESAP NetWeaver AS ABAP Platform(KRNL64NUC)< 7.21affected
SAP SESAP NetWeaver AS ABAP Platform(KRNL64NUC)< 7.21EXTaffected
SAP SESAP NetWeaver AS ABAP Platform(KRNL64NUC)< 7.22affected
SAP SESAP NetWeaver AS ABAP Platform(KRNL64NUC)< 7.22EXTaffected
SAP SESAP NetWeaver AS ABAP Platform(KRNL64NUC)< 7.49affected
SAP SESAP NetWeaver AS ABAP Platform(KRNL64UC)< 7.21affected
SAP SESAP NetWeaver AS ABAP Platform(KRNL64UC)< 7.21EXTaffected
SAP SESAP NetWeaver AS ABAP Platform(KRNL64UC)< 7.22affected
SAP SESAP NetWeaver AS ABAP Platform(KRNL64UC)< 7.22EXTaffected
SAP SESAP NetWeaver AS ABAP Platform(KRNL64UC)< 7.49affected
SAP SESAP NetWeaver AS ABAP Platform(KRNL64UC)< 7.73affected
SAP SESAP NetWeaver AS ABAP Platform(KERNEL)< 7.21affected
SAP SESAP NetWeaver AS ABAP Platform(KERNEL)< 7.45affected
SAP SESAP NetWeaver AS ABAP Platform(KERNEL)< 7.49affected
SAP SESAP NetWeaver AS ABAP Platform(KERNEL)< 7.53affected
SAP SESAP NetWeaver AS ABAP Platform(KERNEL)< 7.73affected

Weaknesses

  • Code Injection

ADP Enrichment

CVE Program Container

Additional References

References