Vulnerabilities > CVE-2019-0381 - Files or Directories Accessible to External Parties vulnerability in SAP Dynamic Tier, SAP IQ and SQL Anywhere

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

sap

CWE-552

NVD

Published: 2019-10-08

Updated: 2019-10-15

Summary

A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Dynamic Tier 1.0 SAP Dynamic Tier 2.0 SAP SAP IQ 16.1 SAP SQL Anywhere 17.0	4

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

References

https://launchpad.support.sap.com/#/notes/2792430
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050