{"containers": {"cna": {"affected": [{"product": "SAP NetWeaver Process Integration ABAP tests (SAP Basis)", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "< 7.0"}, {"status": "affected", "version": "< 7.1"}, {"status": "affected", "version": "< 7.3"}, {"status": "affected", "version": "< 7.31"}, {"status": "affected", "version": "< 7.4"}, {"status": "affected", "version": "< 7.5"}]}], "descriptions": [{"lang": "en", "value": "ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system."}], "problemTypes": [{"descriptions": [{"description": "Code Injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-10T19:10:42", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"name": "109067", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/109067"}, {"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/2774489"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2019-0328", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP NetWeaver Process Integration ABAP tests (SAP Basis)", "version": {"version_data": [{"version_name": "<", "version_value": "7.0"}, {"version_name": "<", "version_value": "7.1"}, {"version_name": "<", "version_value": "7.3"}, {"version_name": "<", "version_value": "7.31"}, {"version_name": "<", "version_value": "7.4"}, {"version_name": "<", "version_value": "7.5"}]}}]}, "vendor_name": "SAP SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Code Injection"}]}]}, "references": {"reference_data": [{"name": "109067", "refsource": "BID", "url": "http://www.securityfocus.com/bid/109067"}, {"name": "https://launchpad.support.sap.com/#/notes/2774489", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/2774489"}, {"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575", "refsource": "CONFIRM", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:44:16.476Z"}, "title": "CVE Program Container", "references": [{"name": "109067", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/109067"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpad.support.sap.com/#/notes/2774489"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"}]}]}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2019-0328", "datePublished": "2019-07-10T19:10:37", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2024-08-04T17:44:16.476Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1785FB0A-AC85-4BFC-A9E2-41A9664D8DAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "6594C3CC-D474-4FB7-8B00-C6303EC6F254", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "E23F15D6-6410-4255-9D96-D4795CCB33A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "8A673172-AFA8-4613-9A1D-CC994395DB31", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "7482316A-99DB-48B2-ABEF-645BC92ACB01", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*", "matchCriteriaId": "587D81FB-B2ED-4184-9258-A38A18B36DC5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system."}, {"lang": "es", "value": "ABAP Tests Modules (SAP Basis, versiones 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) de SAP NetWeaver Process Integration, permiten a un atacante la ejecuci\u00f3n de comandos del sistema operativo con derechos privilegiados. Un atacante podr\u00eda afectar la integridad y disponibilidad del sistema."}], "id": "CVE-2019-0328", "lastModified": "2024-11-21T04:16:41.410", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-10T20:15:12.123", "references": [{"source": "cna@sap.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/109067"}, {"source": "cna@sap.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2774489"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/109067"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2774489"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}