CVE-2019-0283
Last modified
CVE-2019-0283 is a vulnerability of currently unknown severity. SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, is vulnerable to Digital Signature Spoofing. It is possible to spoof XML signatures and send arbitrary requests to the server via the PI Axis adapter. EPSS estimates a 0.62% chance of exploitation in the next 30 days.
Description
SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, is vulnerable to Digital Signature Spoofing. It is possible to spoof XML signatures and send arbitrary requests to the server via the PI Axis adapter. The PI Axis adapter accepts these requests even if the payload has been altered, especially when the signed element is the body of the XML document.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| SAP | NetWeaver Process Integration | 7.10 |
| SAP | NetWeaver Process Integration | 7.11 |
| SAP | NetWeaver Process Integration | 7.30 |
| SAP | NetWeaver Process Integration | 7.31 |
| SAP | NetWeaver Process Integration | 7.40 |
| SAP | NetWeaver Process Integration | 7.50 |
References
- https://launchpad.support.sap.com/#/notes/2747683 (Permissions Required, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
