5
CVSSv2

CVE-2019-0345

Published: 14/08/2019 Updated: 23/08/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overview), versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and trick the application server into leaking authentication credentials for its own SAP Management console, resulting in Server-Side Request Forgery.

Vulnerability Trend

Affected Products

Vendor Product Versions
SapNetweaver Application Server Java7.30, 7.31, 7.40, 7.50

Recent Articles

This summer's hottest sequels: BlueKeep II, III, IV and V – the latest wormable RDP holes in Microsoft Windows
The Register • Shaun Nichols in San Francisco • 13 Aug 2019

Plus special guest stars Adobe and SAP in this month's security fixes

Patch Tuesday Microsoft, Adobe, and SAP may have just ruined more than a few summer vacation plans, thanks to a massive and critical Patch Tuesday bundle of security fixes this month.
Among the 93 CVE-listed flaws patched this month are four particularly serious remote-code execution bugs in Remote Desktop Services that can be exploited by hackers to take control of vulnerable systems with nothing more than a specially crafted RDP packet. No username and password, or other authentication, ...