Skip links
RedRays
Published in: sap note

CVE-2019-0270 Missing Authorization check in ABAP Server of SAP NetWeaver, SAP security note 2727689

Author
Published on:

Description

ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

 Some well-known impacts of Missing Authorization check are –

  • abuse functionality restricted to a particular user group
  • read, modify or delete restricted data

Available fix and Supported packages

  • KRNL32NUC | 7.21 | 7.21
  • KRNL32NUC | 7.21EXT | 7.21EXT
  • KRNL32UC | 7.21 | 7.21
  • KRNL32UC | 7.21EXT | 7.21EXT
  • KRNL64NUC | 7.21 | 7.21
  • KRNL64NUC | 7.21EXT | 7.21EXT
  • KRNL64NUC | 7.22 | 7.22
  • KRNL64NUC | 7.22EXT | 7.22EXT
  • KRNL64NUC | 7.49 | 7.49
  • KRNL64NUC | 7.74 | 7.74
  • KRNL64UC | 8.04 | 8.04
  • KRNL64UC | 7.21 | 7.21
  • KRNL64UC | 7.21EXT | 7.21EXT
  • KRNL64UC | 7.22 | 7.22
  • KRNL64UC | 7.22EXT | 7.22EXT
  • KRNL64UC | 7.49 | 7.49
  • KRNL64UC | 7.53 | 7.53
  • KRNL64UC | 7.73 | 7.73
  • KRNL64UC | 7.74 | 7.74
  • KERNEL | 7.21 | 7.22
  • SAP KERNEL 7.21 32-BIT | SP1210 | 001210
  • SAP KERNEL 7.21 32-BIT UNICODE | SP1210 | 001210
  • SAP KERNEL 7.21 64-BIT | SP1210 | 001210
  • SAP KERNEL 7.21 64-BIT UNICODE | SP1210 | 001210
  • SAP KERNEL 7.21 EXT 64-BIT | SP1210 | 001210
  • SAP KERNEL 7.21 EXT 64-BIT UC | SP1210 | 001210
  • SAP KERNEL 7.22 64-BIT | SP719 | 000719
  • SAP KERNEL 7.22 64-BIT UNICODE | SP719 | 000719
  • SAP KERNEL 7.22 EXT 64-BIT | SP719 | 000719
  • SAP KERNEL 7.22 EXT 64-BIT UC | SP719 | 000719
  • SAP KERNEL 7.45 64-BIT | SP830 | 000830
  • SAP KERNEL 7.45 64-BIT UNICODE | SP830 | 000830
  • SAP KERNEL 7.49 64-BIT | SP620 | 000620
  • SAP KERNEL 7.49 64-BIT UNICODE | SP620 | 000620
  • SAP KERNEL 7.53 64-BIT | SP319 | 000319
  • SAP KERNEL 7.53 64-BIT UNICODE | SP319 | 000319
  • SAP KERNEL 7.73 64-BIT UNICODE | SP032 | 000032
  • SAP KERNEL 7.74 64-BIT UNICODE | SP019 | 000019
  • SAP KERNEL 7.75 64-BIT UNICODE | SP008 | 000008
  • SAP KERNEL 8.04 64-BIT UNICODE | SP157 | 000157

Affected component

    BC-ABA-SC
    Dynpro and CUA engine

CVSS

Score: 6.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2727689

TAGS

#Access-control
#Authorization-error
#Authorization-profile
#&160-CVE-2019-0270

You may also like