6.5
CVSSv2

CVE-2019-0351

Published: 14/08/2019 Updated: 23/08/2019
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the product to terminate.

Vulnerability Trend

Affected Products

Vendor Product Versions
SapNetweaver7.10, 7.20, 7.30, 7.31, 7.40, 7.50

Recent Articles

This summer's hottest sequels: BlueKeep II, III, IV and V – the latest wormable RDP holes in Microsoft Windows
The Register • Shaun Nichols in San Francisco • 13 Aug 2019

Plus special guest stars Adobe and SAP in this month's security fixes

Patch Tuesday Microsoft, Adobe, and SAP may have just ruined more than a few summer vacation plans, thanks to a massive and critical Patch Tuesday bundle of security fixes this month.
Among the 93 CVE-listed flaws patched this month are four particularly serious remote-code execution bugs in Remote Desktop Services that can be exploited by hackers to take control of vulnerable systems with nothing more than a specially crafted RDP packet. No username and password, or other authentication, ...