mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
81 lines
2.8 KiB
JSON
81 lines
2.8 KiB
JSON
{
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"data_version": "4.0",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2019-0293",
|
|
"ASSIGNER": "cna@sap.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "SAP SE",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "SAP Solution Manager system (ST-PI)",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_name": "<",
|
|
"version_value": "2008_1_700"
|
|
},
|
|
{
|
|
"version_name": "<",
|
|
"version_value": "2008_1_710"
|
|
},
|
|
{
|
|
"version_name": "<",
|
|
"version_value": "7.4"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740)."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Missing Authorization Check"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032",
|
|
"refsource": "MISC",
|
|
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032"
|
|
},
|
|
{
|
|
"url": "https://launchpad.support.sap.com/#/notes/2756625",
|
|
"refsource": "MISC",
|
|
"name": "https://launchpad.support.sap.com/#/notes/2756625"
|
|
},
|
|
{
|
|
"refsource": "BID",
|
|
"name": "108324",
|
|
"url": "http://www.securityfocus.com/bid/108324"
|
|
}
|
|
]
|
|
}
|
|
} |