CVE-2019-0338

Summary

During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Gateway< 750affected
SAP SESAP Gateway< 751affected
SAP SESAP Gateway< 752affected
SAP SESAP Gateway< 753affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References