CVE-2019-0399

{"id": "CVE-2019-0399", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-12-11T22:15:11.757", "references": [{"url": "https://launchpad.support.sap.com/#/notes/2803554", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740; unintentionally allows a user to discover accounting information of the Projects in Project dashboard, leading to Information Disclosure."}, {"lang": "es", "value": "SAP Portfolio and Project Management, versiones anteriores a S4CORE 102, 103, EPPM 100 y CPRXRPM 500_702, 600_740, 610_740; involuntariamente permite a un usuario descubrir informaci\u00f3n contable de los Proyectos en el panel del Proyecto, conllevando a una Divulgaci\u00f3n de Informaci\u00f3n."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:portfolio_and_project_management:cprxrpm_500_702:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6182A81E-2CC5-4A37-9A4A-C9D712BA3D22"}, {"criteria": "cpe:2.3:a:sap:portfolio_and_project_management:cprxrpm_600_740:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19D93DDC-585B-4A26-81B3-6EDC2FDAB212"}, {"criteria": "cpe:2.3:a:sap:portfolio_and_project_management:cprxrpm_610_740:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB2EEF28-4EFF-4B42-9EE9-944B18A2892F"}, {"criteria": "cpe:2.3:a:sap:portfolio_and_project_management:eppm_100:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22ED9AFB-F6EA-481E-917D-88ED3413006C"}, {"criteria": "cpe:2.3:a:sap:portfolio_and_project_management:s4core_102:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BA5EE41-8389-4285-AF3C-49E97940912E"}, {"criteria": "cpe:2.3:a:sap:portfolio_and_project_management:s4core_103:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E9F4195-63ED-4E4F-9505-A973080CBCA7"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}