BID:106471

SAP ABAP Application Server CVE-2019-0248 Gateway Information Disclosure Vulnerability

CVE-2019-248 |

Info

SAP ABAP Application Server CVE-2019-0248 Gateway Information Disclosure Vulnerability

Bugtraq ID:	106471
Class:	Design Error
CVE:	CVE-2019-0248
Remote:	Yes
Local:	No
Published:	Jan 08 2019 12:00AM
Updated:	Jan 08 2019 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	SAP Netweaver Gateway 7.53 SAP Netweaver Gateway 7.52 SAP Netweaver Gateway 7.51 SAP Netweaver Gateway 7.5 SAP Basis 7.5

Not Vulnerable:

Discussion

SAP ABAP Application Server CVE-2019-0248 Gateway Information Disclosure Vulnerability

SAP ABAP Application Server is prone to an information disclosure vulnerability.

An attacker can exploit this issue to gain sensitive information, that may aid in further attacks.

The following versions of product are vulnerable:

SAP ABAP Application Server SAP_GWFND 7.5 through 7.53
SAP ABAP Application Server SAP_BASIS 7.5

Exploit / POC

SAP ABAP Application Server CVE-2019-0248 Gateway Information Disclosure Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

SAP ABAP Application Server CVE-2019-0248 Gateway Information Disclosure Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

References

SAP ABAP Application Server CVE-2019-0248 Gateway Information Disclosure Vulnerability

References:

SAP Homepage (SAP)
SAP Security Patch Day �?? January 2019 (SAP)