CVE-2019-0365

EPSS 1.4%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 1.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

10 Sep 2019Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.

Affected products

SAP SE · SAP GUI for Java (BC-FES-JAV)SAP SE · SAP GUI for Windows (BC-FES-GUI)SAP SE · SAP Kernel (KERNEL)SAP SE · SAP Kernel (KRNL32NUC)SAP SE · SAP Kernel (KRNL32UC)SAP SE · SAP Kernel (KRNL64NUC)SAP SE · SAP Kernel (KRNL64UC)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://launchpad.support.sap.com/#/notes/2786151 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506