CVE-2019-0312

EPSS 1.1%

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

12 jun 2019Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Several web pages provided SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50) are not password protected. An attacker could access landscape information like host names, ports or other technical data in the absence of restrictive firewall and port settings.

Productos afectados

SAP SE · SAP NetWeaver Process Integration(SAP_XIESR)SAP SE · SAP NetWeaver Process Integration(SAP_XITOOL)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://launchpad.support.sap.com/#/notes/2744086 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242