Vulnerabilities > CVE-2019-0293 - Missing Authorization vulnerability in SAP Solution Manager System 20081700/20081710/20081740
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Common Weakness Enumeration (CWE)
References
- http://www.securityfocus.com/bid/108324
- http://www.securityfocus.com/bid/108324
- https://launchpad.support.sap.com/#/notes/2756625
- https://launchpad.support.sap.com/#/notes/2756625
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032