CVE-2019-0349

HIGH Year: 2019
CVSS v3 Score
7.2
High
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-862
View all →

Vulnerability Description

SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77, allows a user to execute “Go to statement” without possessing the authorization S_DEVELOP DEBUG 02, resulting in Missing Authorization Check

Related Vulnerabilities

CVE-2009-3168

HIGH
CVSS:7.2(High)

Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin/reset.php and (2) admin/user_add.php, which allows remote authenticated users to reset administrative passw...

CWE-8622009

CVE-2012-6614

HIGH
CVSS:7.2(High)

D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password.

CWE-8622012

CVE-2018-15327

HIGH
CVSS:7.2(High)

In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the ...

CWE-8622018

CVE-2018-15329

HIGH
CVSS:7.2(High)

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also ...

CWE-8622018

CVE-2019-12168

HIGH
CVSS:7.2(High)

Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Administration > Commands) screen.

CWE-8622019

CVE-2019-19937

HIGH
CVSS:7.2(High)

In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results."

CWE-8622019