CVE-2019-0265

SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75.

CVSS v3.0 4.9 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.9^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943	Vendor Advisory
https://launchpad.support.sap.com/#/notes/2729710	Permissions Required Vendor Advisory
http://www.securityfocus.com/bid/106972	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/107364	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.22ext:::::::*
	cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.49:::::::*
	cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.73:::::::*
	cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.21:::::::*
	cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.21ext:::::::*
	cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel::::::::
	cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.75.:::::::*
	cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.21ext:::::::*
	cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.22:::::::*
	cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.49:::::::*
	cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.22ext:::::::*
	cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.45:::::::*
	cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.49:::::::*
	cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.53:::::::*
	cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.73:::::::*
	cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.21:::::::*
	cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.22:::::::*
	cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.22ext:::::::*
	cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.21:::::::*
	cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.22:::::::*
	cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.22ext:::::::*
	cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.21ext:::::::*
	cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.21ext:::::::*
	cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.22:::::::*
	cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.21:::::::*

Information

Published : 2019-02-15 10:29

Updated : 2019-03-13 09:51

NVD link : CVE-2019-0265

Mitre link : CVE-2019-0265

JSON object : View

CWE

CWE-611

Improper Restriction of XML External Entity Reference

Products Affected

sap

advanced_business_application_programming_platform_krnl32uc
advanced_business_application_programming_platform_krnl64uc
advanced_business_application_programming_platform_kernel
advanced_business_application_programming_platform_krnl64nuc
advanced_business_application_programming_platform_krnl32nuc

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943", "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "https://launchpad.support.sap.com/#/notes/2729710", "name": "https://launchpad.support.sap.com/#/notes/2729710", "tags": ["Permissions Required", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/106972", "name": "106972", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://www.securityfocus.com/bid/107364", "name": "107364", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-611"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-0265", "ASSIGNER": "cna@sap.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}}, "publishedDate": "2019-02-15T18:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.22ext:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.49:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.73:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.21ext:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.22", "versionStartIncluding": "7.21"}, {"cpe23Uri": "cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.75.:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.21ext:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.49:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.22ext:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.49:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.53:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.73:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.22ext:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.22ext:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.21ext:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.21ext:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-03-13T16:51Z"}

4.9 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2019-0265

4.9^/10

4.0^/10

Attach tags to `CVE-2019-0265`