{"containers": {"cna": {"affected": [{"product": "SAP NetWeaver AS ABAP Platform(KRNL32NUC)", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "< 7.21"}, {"status": "affected", "version": "< 7.21EXT"}, {"status": "affected", "version": "< 7.22"}, {"status": "affected", "version": "< 7.22EXT"}]}, {"product": "SAP NetWeaver AS ABAP Platform(KRNL32UC)", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "< 7.21"}, {"status": "affected", "version": "< 7.21EXT"}, {"status": "affected", "version": "< 7.22"}, {"status": "affected", "version": "< 7.22EXT"}]}, {"product": "SAP NetWeaver AS ABAP Platform(KRNL64NUC)", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "< 7.21"}, {"status": "affected", "version": "< 7.21EXT"}, {"status": "affected", "version": "< 7.22"}, {"status": "affected", "version": "< 7.22EXT"}, {"status": "affected", "version": "< 7.49"}]}, {"product": "SAP NetWeaver AS ABAP Platform(KRNL64UC)", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "< 7.21"}, {"status": "affected", "version": "< 7.21EXT"}, {"status": "affected", "version": "< 7.22"}, {"status": "affected", "version": "< 7.22EXT"}, {"status": "affected", "version": "< 7.49"}, {"status": "affected", "version": "< 7.73"}]}, {"product": "SAP NetWeaver AS ABAP Platform(KERNEL)", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "< 7.21"}, {"status": "affected", "version": "< 7.45"}, {"status": "affected", "version": "< 7.49"}, {"status": "affected", "version": "< 7.53"}, {"status": "affected", "version": "< 7.73"}]}], "descriptions": [{"lang": "en", "value": "FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application."}], "problemTypes": [{"descriptions": [{"description": "Code Injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-12T16:11:08", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/2719530"}, {"tags": ["x_refsource_MISC"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2019-0304", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP NetWeaver AS ABAP Platform(KRNL32NUC)", "version": {"version_data": [{"version_name": "<", "version_value": "7.21"}, {"version_name": "<", "version_value": "7.21EXT"}, {"version_name": "<", "version_value": "7.22"}, {"version_name": "<", "version_value": "7.22EXT"}]}}, {"product_name": "SAP NetWeaver AS ABAP Platform(KRNL32UC)", "version": {"version_data": [{"version_name": "<", "version_value": "7.21"}, {"version_name": "<", "version_value": "7.21EXT"}, {"version_name": "<", "version_value": "7.22"}, {"version_name": "<", "version_value": "7.22EXT"}]}}, {"product_name": "SAP NetWeaver AS ABAP Platform(KRNL64NUC)", "version": {"version_data": [{"version_name": "<", "version_value": "7.21"}, {"version_name": "<", "version_value": "7.21EXT"}, {"version_name": "<", "version_value": "7.22"}, {"version_name": "<", "version_value": "7.22EXT"}, {"version_name": "<", "version_value": "7.49"}]}}, {"product_name": "SAP NetWeaver AS ABAP Platform(KRNL64UC)", "version": {"version_data": [{"version_name": "<", "version_value": "7.21"}, {"version_name": "<", "version_value": "7.21EXT"}, {"version_name": "<", "version_value": "7.22"}, {"version_name": "<", "version_value": "7.22EXT"}, {"version_name": "<", "version_value": "7.49"}, {"version_name": "<", "version_value": "7.73"}]}}, {"product_name": "SAP NetWeaver AS ABAP Platform(KERNEL)", "version": {"version_data": [{"version_name": "<", "version_value": "7.21"}, {"version_name": "<", "version_value": "7.45"}, {"version_name": "<", "version_value": "7.49"}, {"version_name": "<", "version_value": "7.53"}, {"version_name": "<", "version_value": "7.73"}]}}]}, "vendor_name": "SAP SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Code Injection"}]}]}, "references": {"reference_data": [{"name": "https://launchpad.support.sap.com/#/notes/2719530", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/2719530"}, {"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242", "refsource": "MISC", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:44:16.439Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpad.support.sap.com/#/notes/2719530"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242"}]}]}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2019-0304", "datePublished": "2019-06-12T14:21:39", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2024-08-04T17:44:16.439Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.21:*:*:*:*:*:*:*", "matchCriteriaId": "D8EBCD0F-ED63-4C55-9DB4-63DE8F0751CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.45:*:*:*:*:*:*:*", "matchCriteriaId": "3006D7F9-6D11-48A6-899B-2C2955C1A67D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "B2AFDC66-A5C4-4135-9A7F-1778B9DDF2EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.53:*:*:*:*:*:*:*", "matchCriteriaId": "4CB213CC-4C71-4B3A-9D9F-C83594597447", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.73:*:*:*:*:*:*:*", "matchCriteriaId": "46C2954E-3626-4DC7-85CA-241B9E826337", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.21:*:*:*:*:*:*:*", "matchCriteriaId": "ED21DC1E-A53A-4E92-83F0-7455EBEFA3A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.21ext:*:*:*:*:*:*:*", "matchCriteriaId": "93910493-4A5E-4E14-B6FD-6A5B175AE664", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "F6B9301C-C221-4345-A006-DA7B12E93D1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "8A2B2EC5-A03F-4EBB-BCAF-526DE7EFE2BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.21:*:*:*:*:*:*:*", "matchCriteriaId": "940B8331-6D22-418A-9D17-B14DAB035FE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.21ext:*:*:*:*:*:*:*", "matchCriteriaId": "0D191560-7559-4D90-A593-261C4FD6458D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "01A83003-D709-4E48-8CBE-2AA40274ADA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "471132DF-5B9A-4124-B75F-A09EA02C9CE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.21:*:*:*:*:*:*:*", "matchCriteriaId": "A50F5C48-173B-487A-8DD1-06A921E37602", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.21ext:*:*:*:*:*:*:*", "matchCriteriaId": "FD2EBEA5-D698-4595-A654-DEA58C948C78", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "A901C3A0-E763-4133-9F1F-CDB5AE45A6E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "EE5B551B-0CD5-4800-9A0D-B5B36AD6BCCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "4ED75DB6-7FF6-43CD-9801-7C8410042833", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.21:*:*:*:*:*:*:*", "matchCriteriaId": "9CC9A5B1-F1B2-4804-BABD-2CAEA06BCC42", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.21ext:*:*:*:*:*:*:*", "matchCriteriaId": "C5D40A13-C630-4E43-A44B-76CAB09FF2C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "26486715-DC64-4AC6-A60D-01254A75C19C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "A6953A3D-8BD4-45DA-A872-6222CB6C1B77", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "4C3A6702-3A41-4DA5-B705-AAC77A097AC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.73:*:*:*:*:*:*:*", "matchCriteriaId": "80296DDD-A3B9-4A7F-B831-DC064A85CE38", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application."}, {"lang": "es", "value": "La funci\u00f3n FTP de SAP NetWeaver AS ABAP Platform, versiones- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22EXT, 7.49, KRNL6464 7.21 EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, permite a un atacante inyectar un c\u00f3digo o un comando espec\u00edficamente manipulado que puede ser ejecutado por la aplicaci\u00f3n. Por lo tanto, un atacante podr\u00eda de este modo controlar el comportamiento de la aplicaci\u00f3n."}], "id": "CVE-2019-0304", "lastModified": "2024-11-21T04:16:39.340", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-12T15:29:00.223", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2719530"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2719530"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}