CVE-2019-0255 Information

Description

SAP NetWeaver AS ABAP Platform Krnl64nuc 7.74 krnl64UC 7.73 7.74 Kernel 7.73 7.74 7.75 fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation where business user achieves access to the full SAP Menu that is ‘Easy Access Menu’. The situation can be misused by any user to leverage privileges to business functionality.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Reference

http://www.securityfocus.com/bid/106987 https://launchpad.support.sap.com//notes/2723570 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

NONE

Base Severity

8.1