CVE-2019-0345

Published: 14/08/2019 Updated: 23/08/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overview), versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file that tricks the application server into leaking authentication credentials for its own SAP Management Console, resulting in Server-Side Request Forgery.

Vulnerable Product

sap netweaver application server java 7.30

sap netweaver application server java 7.31

sap netweaver application server java 7.40

sap netweaver application server java 7.50

Recent Articles

This summer's hottest sequels: BlueKeep II, III, IV and V – the latest wormable RDP holes in Microsoft Windows
The Register • Shaun Nichols in San Francisco • 13 Aug 2019

Plus special guest stars Adobe and SAP in this month's security fixes

Patch Tuesday Microsoft, Adobe, and SAP may have just ruined more than a few summer vacation plans, thanks to a massive and critical Patch Tuesday bundle of security fixes this month. Among the 93 CVE-listed flaws patched this month are four particularly serious remote-code execution bugs in Remote Desktop Services that can be exploited by hackers to take control of vulnerable systems with nothing more than a specially crafted RDP packet. No username and password, or other authentication, is req...