2019-02-15 13:04:18 -05:00
{
2019-03-18 00:11:17 +00:00
"CVE_data_meta" : {
"ASSIGNER" : "cna@sap.com" ,
"ID" : "CVE-2019-0257" ,
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ABAP Platform(SAP Basis)" ,
"version" : {
"version_data" : [
{
"version_name" : "<" ,
"version_value" : "from 7.0 to 7.02"
} ,
{
"version_name" : "<" ,
"version_value" : "from 7.10 to 7.11"
} ,
{
"version_name" : "<" ,
"version_value" : "7.30"
} ,
{
"version_name" : "<" ,
"version_value" : "7.31"
} ,
{
"version_name" : "<" ,
"version_value" : "7.40"
} ,
{
"version_name" : "<" ,
"version_value" : "from 7.50 to 7.53"
} ,
{
"version_name" : "<" ,
"version_value" : "from 7.74 to 7.75"
}
]
}
}
]
} ,
"vendor_name" : "SAP SE"
}
]
}
} ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
2019-02-15 13:04:18 -05:00
{
2019-03-18 00:11:17 +00:00
"lang" : "eng" ,
"value" : "Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
2019-02-15 13:04:18 -05:00
}
2019-03-18 00:11:17 +00:00
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "Missing Authorization Check"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943" ,
"refsource" : "MISC" ,
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
} ,
{
"name" : "https://launchpad.support.sap.com/#/notes/2728839" ,
"refsource" : "MISC" ,
"url" : "https://launchpad.support.sap.com/#/notes/2728839"
} ,
{
"name" : "106999" ,
"refsource" : "BID" ,
"url" : "http://www.securityfocus.com/bid/106999"
}
]
}
}
