Vulnerabilities > CVE-2019-0278 - Unspecified vulnerability in SAP Netweaver Process Integration

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2019-04-10

Updated: 2020-08-24

Summary

Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Netweaver Process Integration 7.10 SAP Netweaver Process Integration 7.11 SAP Netweaver Process Integration 7.20 SAP Netweaver Process Integration 7.30 SAP Netweaver Process Integration 7.31 SAP Netweaver Process Integration 7.40 SAP Netweaver Process Integration 7.50	7

References

https://launchpad.support.sap.com/#/notes/2741201
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114