CVE-2019-0278

{"id": "CVE-2019-0278", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2019-04-10T21:29:01.107", "references": [{"url": "https://launchpad.support.sap.com/#/notes/2741201", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure."}, {"lang": "es", "value": "Bajo ciertas condiciones, el Servlet de monitoreo de NetWeaver Process Integration (Sistema de Mensajer\u00eda), corregido en las versiones 7.10 hasta 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, permite que un atacante vea los nombres de las tablas de bases de datos usadas por la aplicaci\u00f3n, lo que conlleva a la divulgaci\u00f3n de informaci\u00f3n."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75E83C25-D30B-4459-A1F1-DE7EC9FD46BE"}, {"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "900D10B0-B47B-46B0-A0A9-8E41660429DD"}, {"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D57CEB9D-5C06-4B3E-A36E-5B8689CA5657"}, {"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3062CE84-B6E2-40DE-B7B1-0752FC21BFAD"}, {"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "587D81FB-B2ED-4184-9258-A38A18B36DC5"}, {"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A325699D-6AB0-4BBC-A21C-A974FA1612DE"}, {"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A3A3226-28D1-4B43-942B-F41BD340E746"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}