admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-03xx/CVE-2019-0345.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

143 lines
4.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2019-0345",
"sourceIdentifier": "cna@sap.com",
"published": "2019-08-14T14:15:16.543",
"lastModified": "2024-11-21T04:16:43.190",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overview), versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and trick the application server into leaking authentication credentials for its own SAP Management console, resulting in Server-Side Request Forgery."
},
{
"lang": "es",
"value": "Un atacante remoto no autenticado puede abusar de un servicio web en SAP NetWeaver Application Server for Java (Administrator System Overview), versiones 7.30, 7.31, 7.40, 7.50, enviando un archivo XML especialmente dise\u00f1ado y enga\u00f1ando al servidor de aplicaciones al filtrar credenciales de autenticaci\u00f3n para su propia consola de SAP Management, resultando en un ataque de tipo Server-Side Request Forgery."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"baseScore": 5.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.30:*:*:*:*:*:*:*",
"matchCriteriaId": "24A1E0B9-8C28-41BC-B050-237B5F929C9C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.31:*:*:*:*:*:*:*",
"matchCriteriaId": "EEAE6C2A-821F-4123-BD56-0FDADF9D63C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.40:*:*:*:*:*:*:*",
"matchCriteriaId": "F5308FCE-8B2C-4B4D-BEE7-3CF544570B68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*",
"matchCriteriaId": "9C506445-3787-4BFF-A98B-7502A0F7CF80"
}
]
}
]
}
],
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/2813811",
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
]
},
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017",
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://launchpad.support.sap.com/#/notes/2813811",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
]
},
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink