{"api_version":"1","generated_at":"2026-07-06T18:29:54+00:00","cve":"CVE-2019-0255","urls":{"html":"https://cve.report/CVE-2019-0255","api":"https://cve.report/api/cve/CVE-2019-0255.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-0255","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-0255"},"summary":{"title":"CVE-2019-0255","description":"SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'Easy Access Menu'. The situation can be misused by any user to leverage privileges to business functionality.","state":"PUBLIC","assigner":"cna@sap.com","published_at":"2019-02-15 18:29:00","updated_at":"2019-02-22 19:58:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/106987","name":"106987","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"SAP NetWeaver ABAP CVE-2019-0255 Unauthorized Access Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943","name":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943","refsource":"MISC","tags":["Vendor Advisory"],"title":"SAP Security Patch Day – February 2019 - Product Security Response at SAP - Community Wiki","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://launchpad.support.sap.com/#/notes/2723570","name":"https://launchpad.support.sap.com/#/notes/2723570","refsource":"MISC","tags":["Permissions Required","Vendor Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-0255","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0255","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"255","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"advanced_business_application_programming_platform_kernel","cpe6":"7.73","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"255","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"advanced_business_application_programming_platform_kernel","cpe6":"7.74","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"255","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"advanced_business_application_programming_platform_kernel","cpe6":"7.75.","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"255","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"advanced_business_application_programming_platform_kernel","cpe6":"7.73","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"255","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"advanced_business_application_programming_platform_kernel","cpe6":"7.74","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"255","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"advanced_business_application_programming_platform_kernel","cpe6":"7.75.","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"255","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"advanced_business_application_programming_platform_krnl64nuc","cpe6":"7.74","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"255","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"advanced_business_application_programming_platform_krnl64nuc","cpe6":"7.74","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"255","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"advanced_business_application_programming_platform_krnl64uc","cpe6":"7.73","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"255","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"advanced_business_application_programming_platform_krnl64uc","cpe6":"7.74","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"255","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"advanced_business_application_programming_platform_krnl64uc","cpe6":"7.73","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"255","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"advanced_business_application_programming_platform_krnl64uc","cpe6":"7.74","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cna@sap.com","ID":"CVE-2019-0255","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'Easy Access Menu'. The situation can be misused by any user to leverage privileges to business functionality."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943","refsource":"MISC","url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"},{"name":"https://launchpad.support.sap.com/#/notes/2723570","refsource":"MISC","url":"https://launchpad.support.sap.com/#/notes/2723570"},{"name":"106987","refsource":"BID","url":"http://www.securityfocus.com/bid/106987"}]}},"nvd":{"publishedDate":"2019-02-15 18:29:00","lastModifiedDate":"2019-02-22 19:58:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":8.1,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5.5},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.73:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.75.:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.73:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.74:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.74:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.74:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"255","Ordinal":"136663","Title":"CVE-2019-0255","CVE":"CVE-2019-0255","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"255","Ordinal":"1","NoteData":"SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'Easy Access Menu'. The situation can be misused by any user to leverage privileges to business functionality.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"255","Ordinal":"2","NoteData":"2019-02-15","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"255","Ordinal":"3","NoteData":"2019-02-16","Type":"Other","Title":"Modified"}]}}}