Skip links

CVE-2019-0301 Privilege Escalation in SAP Identity Management REST Interface Version 2, SAP security note 2784307

Description

Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing.

Some well-known impacts of this vulnerability are:

  • Privilege escalation for the user for connected systems to SAP Identity Management
  • Loss of confidentiality and integrity depending on the connected systems to SAP Identity Management

Available fix and Supported packages

  • IDMREST | 8.0 | 8.0
  • IDMIC | 8.0 | 8.0
  • IDENTITY CENTER REST API 8.0 | SP006 | 000009
  • IDM 8.0 UIS FOR NW 7.30 | SP006 | 000025

Affected component

    BC-IAM-IDM
    Identity Management

CVSS

Score: 8.4
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2784307

TAGS

#Privilege
#Escalation
#&160-SAP
#Identity
#Management
#REST
#Interface
#&160-CVE-2019-0301