2020-11-10
2982840
2982840 - Multiple Vulnerabilities in SAP Data Services
Version: 5
Type: SAP Security Note
Language: English
Master Language: English
Priority: HotNews
Category: Program error
Release Status: Released for Customer
Released On: 10.11.2020
Component: EIM-DS-DEP (Deployment, Installation, Upgrade)
Please find the original document at https://launchpad.support.sap.com/#/notes/2982840
Symptom
Remote Code Execution
SAP Data Services allows an unauthenticated attacker to send a malicious request which could result in
remote code execution. This occurs due to insufficient input validation, and a successful exploit would result in
complete compromise of system confidentiality, integrity and availability.
CVSS: 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Denial of Service
SAP Data Services allows an unauthenticated attacker to override access permission, which may cause Denial
of Service when performing a file upload. On successful exploitation, the attacker can completely
compromise the availability of the application.
CVSS: 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Other Terms
CVE-2019-0230, CVE-2019-0233, SAP Data Services, Remote Code Execution, Denial of Service
Solution
This correction is delivered in the release(s) listed in the Support Packages and Patches section. Upgrade to
the corresponding Support Packages referenced by this SAP Security Note.
CVSS
CVSS v3.0 Base Score: 9.8 / 10
CVSS v3.0 Base Vector:
Name                          Value
Attack Vector (AV)            Network (N)
Attack Complexity (AC)        Low (L)
Privileges Required (PR)      None (N)
User Interaction (UI)         None (N)
Scope (S)                     Unchanged (U)
Confidentiality Impact (C)    High (H)
Integrity Impact (I)          High (H)
Availability Impact (A)       High (H)
SAP provides this CVSS v3.0 base score as an estimate of the risk posed by the issue reported in this note.
This estimate does not take into account your own system configuration or operational environment. It is not
intended to replace any risk assessments you are advised to conduct when deciding on the applicability or
priority of this SAP Security Note. For more information, see the FAQ section at
https://support.sap.com/securitynotes.
Software Components
Software Component            Release
SBOP_DS_MANAGEMENT_CONSOLE    4.2 - 4.2
Support Package Patches
Software Component Version    Support Package    Patch Level
SAP DATA SERVICES 4.2         SP013              000004
SAP DATA SERVICES 4.2         SP014              000004
SAP DATA SERVICES 4.2         SP012              000010
© 2020 SAP SE or an SAP affiliate company. All rights reserved