Skip links
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

CVE-2019-0301 Privilege Escalation in SAP Identity Management REST Interface Version 2, SAP security note 2784307

Description

Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing.

Some well-known impacts of this vulnerability are:

  • Privilege escalation for the user for connected systems to SAP Identity Management
  • Loss of confidentiality and integrity depending on the connected systems to SAP Identity Management

Available fix and Supported packages

  • IDMREST | 8.0 | 8.0
  • IDMIC | 8.0 | 8.0
  • IDENTITY CENTER REST API 8.0 | SP006 | 000009
  • IDM 8.0 UIS FOR NW 7.30 | SP006 | 000025

Affected component

    BC-IAM-IDM
    Identity Management

CVSS

Score: 8.4
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2784307

TAGS

#Privilege
#Escalation
#&160-SAP
#Identity
#Management
#REST
#Interface
#&160-CVE-2019-0301

Explore More

RedRays AI for ABAP Code Security

Empowering Secure, Efficient, and Compliant SAP ABAP Development—in Real Time and Without Data Retention In today’s rapidly evolving business landscape, organizations increasingly

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series.