CVE-2019-0293

{"id": "CVE-2019-0293", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-05-14T21:29:00.810", "references": [{"url": "http://www.securityfocus.com/bid/108324", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@sap.com"}, {"url": "https://launchpad.support.sap.com/#/notes/2756625", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740)."}, {"lang": "es", "value": "La lectura del destino de RFC no siempre realiza la comprobaci\u00f3n de autorizaci\u00f3n, dando como resultado una escalada de privilegios para acceder a la informaci\u00f3n en los destinos en RFC en sistemas administrados y en sistemas SAP Solution Manager ( ST-PI, versiones anteriores 2008_1_700, 2008_1_710, and 740)."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:sap_solution_manager_system:2008_1_700:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B2DACCF-66D4-44C5-B495-0B7755BA9302"}, {"criteria": "cpe:2.3:a:sap:sap_solution_manager_system:2008_1_710:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AC51B76-E8B0-4D33-B4EF-EA1E4197ECDB"}, {"criteria": "cpe:2.3:a:sap:sap_solution_manager_system:2008_1_740:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5E7D4CD-A31E-4DB7-BC58-95292BBD0560"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}