CVE-2019-0265

moderate-risk

Published 2019-02-15

SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75.

Do I need to act?

-

0.89% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

4

CVSS 4.9/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Advanced Business Application Programming Platform Kernel

Advanced Business Application Programming Platform Kernel

Advanced Business Application Programming Platform Kernel

Advanced Business Application Programming Platform Kernel

Advanced Business Application Programming Platform Kernel

Advanced Business Application Programming Platform Kernel

Advanced Business Application Programming Platform Krnl32Nuc

Advanced Business Application Programming Platform Krnl32Nuc

Advanced Business Application Programming Platform Krnl32Nuc

Advanced Business Application Programming Platform Krnl32Nuc

Advanced Business Application Programming Platform Krnl32Uc

Advanced Business Application Programming Platform Krnl32Uc

Advanced Business Application Programming Platform Krnl32Uc

Advanced Business Application Programming Platform Krnl32Uc

Advanced Business Application Programming Platform Krnl64Nuc

Advanced Business Application Programming Platform Krnl64Nuc

Advanced Business Application Programming Platform Krnl64Nuc

Advanced Business Application Programming Platform Krnl64Nuc

Advanced Business Application Programming Platform Krnl64Nuc

Advanced Business Application Programming Platform Krnl64Uc

Affected Vendors

Sap

References (8)

Third Party Advisory http://www.securityfocus.com/bid/106972

Third Party Advisory http://www.securityfocus.com/bid/107364

Permissions Required https://launchpad.support.sap.com/#/notes/2729710

Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943

Third Party Advisory http://www.securityfocus.com/bid/106972

Third Party Advisory http://www.securityfocus.com/bid/107364

Permissions Required https://launchpad.support.sap.com/#/notes/2729710

Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943

44

/ 100

moderate-risk

Severity 20/34 · Moderate

Exploitability 3/34 · Minimal

Exposure 21/34 · High