CVE-2019-0304: Code Injection
First published: Wed Jun 12 2019(Updated: )
FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap Advanced Business Application Programming Platform Kernel | =7.21 | |
| Sap Advanced Business Application Programming Platform Kernel | =7.45 | |
| Sap Advanced Business Application Programming Platform Kernel | =7.49 | |
| Sap Advanced Business Application Programming Platform Kernel | =7.53 | |
| Sap Advanced Business Application Programming Platform Kernel | =7.73 | |
| Sap Advanced Business Application Programming Platform Krnl32nuc | =7.21 | |
| Sap Advanced Business Application Programming Platform Krnl32nuc | =7.21ext | |
| Sap Advanced Business Application Programming Platform Krnl32nuc | =7.22 | |
| Sap Advanced Business Application Programming Platform Krnl32nuc | =7.22ext | |
| Sap Advanced Business Application Programming Platform Krnl32uc | =7.21 | |
| Sap Advanced Business Application Programming Platform Krnl32uc | =7.21ext | |
| Sap Advanced Business Application Programming Platform Krnl32uc | =7.22 | |
| Sap Advanced Business Application Programming Platform Krnl32uc | =7.22ext | |
| Sap Advanced Business Application Programming Platform Krnl64nuc | =7.21 | |
| Sap Advanced Business Application Programming Platform Krnl64nuc | =7.21ext | |
| Sap Advanced Business Application Programming Platform Krnl64nuc | =7.22 | |
| Sap Advanced Business Application Programming Platform Krnl64nuc | =7.22ext | |
| Sap Advanced Business Application Programming Platform Krnl64nuc | =7.49 | |
| Sap Advanced Business Application Programming Platform Krnl64uc | =7.21 | |
| Sap Advanced Business Application Programming Platform Krnl64uc | =7.21ext | |
| Sap Advanced Business Application Programming Platform Krnl64uc | =7.22 | |
| Sap Advanced Business Application Programming Platform Krnl64uc | =7.22ext | |
| Sap Advanced Business Application Programming Platform Krnl64uc | =7.49 | |
| Sap Advanced Business Application Programming Platform Krnl64uc | =7.73 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-0304?
The severity of CVE-2019-0304 is critical with a CVSS score of 9.8.
How can I fix the FTP Function vulnerability in SAP NetWeaver AS ABAP Platform versions affected by CVE-2019-0304?
To fix the FTP Function vulnerability, apply the necessary patches provided by SAP according to SAP Note 2719530.
What is the CWE associated with CVE-2019-0304?
CVE-2019-0304 is associated with CWE-74.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/sap
- canonical/sap advanced business application programming platform kernel
- version/sap advanced business application programming platform kernel/7.21
- version/sap advanced business application programming platform kernel/7.45
- version/sap advanced business application programming platform kernel/7.49
- version/sap advanced business application programming platform kernel/7.53
- version/sap advanced business application programming platform kernel/7.73
- canonical/sap advanced business application programming platform krnl32nuc
- version/sap advanced business application programming platform krnl32nuc/7.21
- version/sap advanced business application programming platform krnl32nuc/7.21ext
- version/sap advanced business application programming platform krnl32nuc/7.22
- version/sap advanced business application programming platform krnl32nuc/7.22ext
- canonical/sap advanced business application programming platform krnl32uc
- version/sap advanced business application programming platform krnl32uc/7.21
- version/sap advanced business application programming platform krnl32uc/7.21ext
- version/sap advanced business application programming platform krnl32uc/7.22
- version/sap advanced business application programming platform krnl32uc/7.22ext
- canonical/sap advanced business application programming platform krnl64nuc
- version/sap advanced business application programming platform krnl64nuc/7.21
- version/sap advanced business application programming platform krnl64nuc/7.21ext
- version/sap advanced business application programming platform krnl64nuc/7.22
- version/sap advanced business application programming platform krnl64nuc/7.22ext
- version/sap advanced business application programming platform krnl64nuc/7.49
- canonical/sap advanced business application programming platform krnl64uc
- version/sap advanced business application programming platform krnl64uc/7.21
- version/sap advanced business application programming platform krnl64uc/7.21ext
- version/sap advanced business application programming platform krnl64uc/7.22
- version/sap advanced business application programming platform krnl64uc/7.22ext
- version/sap advanced business application programming platform krnl64uc/7.49
- version/sap advanced business application programming platform krnl64uc/7.73