ByteOS Network

Vulnerability Details :

CVE-2019-0265

Assigner-sap

Assigner Org ID-e4686d1a-f260-4930-ac4c-2f5c992778dd

Published At-15 Feb, 2019 | 18:00

Updated At-04 Aug, 2024 | 17:44

SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:sap

Assigner Org ID:e4686d1a-f260-4930-ac4c-2f5c992778dd

Published At:15 Feb, 2019 | 18:00

Updated At:04 Aug, 2024 | 17:44

▼CVE Numbering Authority (CNA)

< from 7.21 to 7.22
< 7.45
< 7.49
< 7.53
< 7.73
< 7.75

Problem Types

Type	CWE ID	Description
text	N/A	Denial of Service

Type: text

CWE ID: N/A

Description: Denial of Service

References

Hyperlink	Resource
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943	x_refsource_MISC
http://www.securityfocus.com/bid/106972	vdb-entry x_refsource_BID
https://launchpad.support.sap.com/#/notes/2729710	x_refsource_MISC
http://www.securityfocus.com/bid/107364	vdb-entry x_refsource_BID

Hyperlink: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943

Resource:

x_refsource_MISC

Hyperlink: http://www.securityfocus.com/bid/106972

Resource:

vdb-entry

x_refsource_BID

Hyperlink: https://launchpad.support.sap.com/#/notes/2729710

Resource:

x_refsource_MISC

Hyperlink: http://www.securityfocus.com/bid/107364

Resource:

vdb-entry

x_refsource_BID

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943	x_refsource_MISC x_transferred
http://www.securityfocus.com/bid/106972	vdb-entry x_refsource_BID x_transferred
https://launchpad.support.sap.com/#/notes/2729710	x_refsource_MISC x_transferred
http://www.securityfocus.com/bid/107364	vdb-entry x_refsource_BID x_transferred

Hyperlink: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://www.securityfocus.com/bid/106972

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: https://launchpad.support.sap.com/#/notes/2729710

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://www.securityfocus.com/bid/107364

Resource:

vdb-entry

x_refsource_BID

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cna@sap.com

Published At:15 Feb, 2019 | 18:29

Updated At:13 Mar, 2019 | 16:51

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	4.9	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Primary	2.0	4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:N/A:P

Type: Primary

Version: 3.0

Base score: 4.9

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 2.0

Base score: 4.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:N/I:N/A:P

CPE Matches

SAP SE

>>advanced_business_application_programming_platform_kernel>>Versions from 7.21(inclusive) to 7.22(inclusive)

cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:*:*:*:*:*:*:*:*

SAP SE

>>advanced_business_application_programming_platform_kernel>>7.45

cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.45:*:*:*:*:*:*:*

SAP SE

>>advanced_business_application_programming_platform_kernel>>7.49

cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.49:*:*:*:*:*:*:*

SAP SE

>>advanced_business_application_programming_platform_kernel>>7.53

cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.53:*:*:*:*:*:*:*

SAP SE

>>advanced_business_application_programming_platform_kernel>>7.73

cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.73:*:*:*:*:*:*:*

SAP SE

>>advanced_business_application_programming_platform_kernel>>7.75.

cpe:2.3:a:sap:advanced_business_application_programming_platform_kernel:7.75.:*:*:*:*:*:*:*

SAP SE

>>advanced_business_application_programming_platform_krnl32nuc>>7.21

cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.21:*:*:*:*:*:*:*

SAP SE

>>advanced_business_application_programming_platform_krnl32nuc>>7.21ext

cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.21ext:*:*:*:*:*:*:*

SAP SE

>>advanced_business_application_programming_platform_krnl32nuc>>7.22

cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.22:*:*:*:*:*:*:*

SAP SE

>>advanced_business_application_programming_platform_krnl32nuc>>7.22ext

cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32nuc:7.22ext:*:*:*:*:*:*:*

SAP SE

>>advanced_business_application_programming_platform_krnl32uc>>7.21

cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.21:*:*:*:*:*:*:*

SAP SE

>>advanced_business_application_programming_platform_krnl32uc>>7.21ext

cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.21ext:*:*:*:*:*:*:*

SAP SE

>>advanced_business_application_programming_platform_krnl32uc>>7.22

cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.22:*:*:*:*:*:*:*

SAP SE

>>advanced_business_application_programming_platform_krnl32uc>>7.22ext

cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl32uc:7.22ext:*:*:*:*:*:*:*

SAP SE

>>advanced_business_application_programming_platform_krnl64nuc>>7.21

cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.21:*:*:*:*:*:*:*

SAP SE

>>advanced_business_application_programming_platform_krnl64nuc>>7.21ext

cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.21ext:*:*:*:*:*:*:*

SAP SE

>>advanced_business_application_programming_platform_krnl64nuc>>7.22

cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.22:*:*:*:*:*:*:*

SAP SE

>>advanced_business_application_programming_platform_krnl64nuc>>7.22ext

cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.22ext:*:*:*:*:*:*:*

SAP SE

>>advanced_business_application_programming_platform_krnl64nuc>>7.49

cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64nuc:7.49:*:*:*:*:*:*:*

SAP SE

>>advanced_business_application_programming_platform_krnl64uc>>7.21

cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.21:*:*:*:*:*:*:*

SAP SE

>>advanced_business_application_programming_platform_krnl64uc>>7.21ext

cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.21ext:*:*:*:*:*:*:*

SAP SE

>>advanced_business_application_programming_platform_krnl64uc>>7.22

cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.22:*:*:*:*:*:*:*

SAP SE

>>advanced_business_application_programming_platform_krnl64uc>>7.22ext

cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.22ext:*:*:*:*:*:*:*

SAP SE

>>advanced_business_application_programming_platform_krnl64uc>>7.49

cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.49:*:*:*:*:*:*:*

SAP SE

>>advanced_business_application_programming_platform_krnl64uc>>7.73

cpe:2.3:a:sap:advanced_business_application_programming_platform_krnl64uc:7.73:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-611	Primary	nvd@nist.gov

CWE ID: CWE-611

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/106972	cna@sap.com	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/107364	cna@sap.com	Third Party Advisory VDB Entry
https://launchpad.support.sap.com/#/notes/2729710	cna@sap.com	Permissions Required Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943	cna@sap.com	Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/106972

Source: cna@sap.com

Resource:

Third Party Advisory

VDB Entry

Hyperlink: http://www.securityfocus.com/bid/107364

Source: cna@sap.com

Resource:

Third Party Advisory

VDB Entry

Hyperlink: https://launchpad.support.sap.com/#/notes/2729710

Source: cna@sap.com

Resource:

Permissions Required

Vendor Advisory

Hyperlink: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943

Source: cna@sap.com

Resource:

Vendor Advisory

Similar CVEs

54Records found

CVE-2016-4931

Matching Score-4

Assigner-Juniper Networks, Inc.

View Details

Matching Score-4

Assigner-Juniper Networks, Inc.

CVSS Score-6.5||MEDIUM

EPSS-0.27% / 50.10%

7 Day CHG~0.00%

Published-20 Mar, 2017 | 20:00

Updated-20 Apr, 2025 | 01:37

XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service.

Vendor-n/a Juniper Networks, Inc.

Product-junos_space n/a

CWE ID-CWE-611

Improper Restriction of XML External Entity Reference

CVE-2019-17085

Matching Score-4

Assigner-OpenText (formerly Micro Focus)

View Details

Matching Score-4

Assigner-OpenText (formerly Micro Focus)

CVSS Score-6.5||MEDIUM

EPSS-0.22% / 44.38%

7 Day CHG~0.00%

Published-18 Nov, 2019 | 20:16

Updated-05 Aug, 2024 | 01:33

XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent.

Vendor-Micro Focus International Limited

Product-operations_agent Operations Agent

CWE ID-CWE-611

Improper Restriction of XML External Entity Reference

CVE-2016-0219

Matching Score-4

Assigner-IBM Corporation

View Details

Matching Score-4

Assigner-IBM Corporation

CVSS Score-6.5||MEDIUM

EPSS-0.40% / 59.54%

7 Day CHG~0.00%

Published-16 Jan, 2018 | 19:00

Updated-05 Aug, 2024 | 22:08

XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693.

Vendor-n/a IBM Corporation

Product-rational_doors_next_generation rational_engineering_lifecycle_manager rational_quality_manager rational_team_concert rational_requirements_composer rational_collaborative_lifecycle_management rational_rhapsody_design_manager rational_software_architect_design_manager n/a

CWE ID-CWE-611

Improper Restriction of XML External Entity Reference

CVE-2015-7461

Matching Score-4

Assigner-IBM Corporation

View Details

Matching Score-4

Assigner-IBM Corporation

CVSS Score-6.5||MEDIUM

EPSS-0.40% / 59.54%

7 Day CHG~0.00%

Published-20 Mar, 2018 | 21:00

Updated-06 Aug, 2024 | 07:51

XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357.

Vendor-n/a IBM Corporation

Product-connections n/a

CWE ID-CWE-611

Improper Restriction of XML External Entity Reference

CWE ID-CWE-399

Not Available

CVE-2019-0265

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Affected

Affected

Affected

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs