Vulnerabilities > CVE-2019-0399 - Unspecified vulnerability in SAP Portfolio and Project Management

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2019-12-11

Updated: 2020-08-24

Summary

SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740; unintentionally allows a user to discover accounting information of the Projects in Project dashboard, leading to Information Disclosure.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Portfolio AND Project Management Cprxrpm_500_702 SAP Portfolio AND Project Management Cprxrpm_600_740 SAP Portfolio AND Project Management Cprxrpm_610_740 SAP Portfolio AND Project Management Eppm_100 SAP Portfolio AND Project Management S4Core_102 SAP Portfolio AND Project Management S4Core_103	6

References

https://launchpad.support.sap.com/#/notes/2803554
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397