CVE-2019-0255
Summary
| CVE | CVE-2019-0255 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-02-15 18:29:00 UTC |
| Updated | 2019-02-22 19:58:00 UTC |
| Description | SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'Easy Access Menu'. The situation can be misused by any user to leverage privileges to business functionality. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SAP NetWeaver ABAP CVE-2019-0255 Unauthorized Access Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| SAP Security Patch Day – February 2019 - Product Security Response at SAP - Community Wiki | MISC | wiki.scn.sap.com | Vendor Advisory |
| launchpad.support.sap.com | MISC | launchpad.support.sap.com | Permissions Required, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.