CVE-2019-0307

Published: 12/06/2019 Updated: 24/08/2020

CVSS v2 Base Score: 2.7 | Impact Score: 2.9 | Exploitability Score: 5.1

CVSS v3 Base Score: 2.4 | Impact Score: 1.4 | Exploitability Score: 0.9

VMScore: 240

Vector: AV:A/AC:L/Au:S/C:P/I:N/A:N

Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted by default. By decoding these credentials, an attacker with admin privileges could gain access to the entire configuration, but no system sensitive information can be gained.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sap solution manager 7.2

Drills through git commit histories to find vulnerability IDs in change logs.

git_vul_driller Crawl the logs of a git repo and find commits matching a regex Getting started Edit config_metasploityaml as needed Edit config_edbyaml as needed Set up your environment (Hint: Use a virtual env) $ conda create -n myenv --python=38 $ conda activate myenv $ pip install -r requirementstxt $ python setuppy install Run

CWE-311 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242 https://launchpad.support.sap.com/#/notes/2772266 https://nvd.nist.gov https://github.com/CERTCC/git_vul_driller

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-0307

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect