CVE-2019-0349

Summary

SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77, allows a user to execute “Go to statement” without possessing the authorization S_DEVELOP DEBUG 02, resulting in Missing Authorization Check

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Kernel (KRNL32NUC)< 7.21affected
SAP SESAP Kernel (KRNL32NUC)< 7.21EXTaffected
SAP SESAP Kernel (KRNL32NUC)< 7.22affected
SAP SESAP Kernel (KRNL32NUC)< 7.22EXTaffected
SAP SESAP Kernel (KRNL32UC)< 7.21affected
SAP SESAP Kernel (KRNL32UC)< 7.21EXTaffected
SAP SESAP Kernel (KRNL32UC)< 7.22affected
SAP SESAP Kernel (KRNL32UC)< 7.22EXTaffected
SAP SESAP Kernel (KRNL64NUC)< 7.21affected
SAP SESAP Kernel (KRNL64NUC)< 7.21EXTaffected
SAP SESAP Kernel (KRNL64NUC)< 7.22affected
SAP SESAP Kernel (KRNL64NUC)< 7.22EXTaffected
SAP SESAP Kernel (KRNL64NUC)< 7.49affected
SAP SESAP Kernel (KRNL64UC)< 7.21affected
SAP SESAP Kernel (KRNL64UC)< 7.21EXTaffected
SAP SESAP Kernel (KRNL64UC)< 7.22affected
SAP SESAP Kernel (KRNL64UC)< 7.22EXTaffected
SAP SESAP Kernel (KRNL64UC)< 7.49affected
SAP SESAP Kernel (KRNL64UC)< 7.73affected
SAP SESAP Kernel (KERNEL)< 7.21affected
SAP SESAP Kernel (KERNEL)< 7.49affected
SAP SESAP Kernel (KERNEL)< 7.53affected
SAP SESAP Kernel (KERNEL)< 7.73affected
SAP SESAP Kernel (KERNEL)< 7.75affected
SAP SESAP Kernel (KERNEL)< 7.76affected
SAP SESAP Kernel (KERNEL)< 7.77affected

Weaknesses

  • Missing Authorization Check

ADP Enrichment

CVE Program Container

Additional References

References