CVE-2019-0399

Summary

SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740; unintentionally allows a user to discover accounting information of the Projects in Project dashboard, leading to Information Disclosure.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Portfolio and Project Management (S4CORE)102affected
SAP SESAP Portfolio and Project Management (S4CORE)103affected
SAP SESAP Portfolio and Project Management (EPPM)100affected
SAP SESAP Portfolio and Project Management (CPRXRPM)500_702affected
SAP SESAP Portfolio and Project Management (CPRXRPM)600_740affected
SAP SESAP Portfolio and Project Management (CPRXRPM)610_740affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References