CVE-2019-0402

low-risk
Published 2019-12-11

SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, leading to Information Disclosure.

Do I need to act?

-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.4/10 Medium
LOCAL / LOW complexity

Affected Products (2)

Adaptive Server Enterprise
Adaptive Server Enterprise

Affected Vendors

Sap

References (4)

Permissions Required https://launchpad.support.sap.com/#/notes/2845780
Patch https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397
Permissions Required https://launchpad.support.sap.com/#/notes/2845780
Patch https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397
22
/ 100
low-risk
Severity 15/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 7/34 · Low