{"containers": {"cna": {"affected": [{"product": "SAP Quality Management (S4CORE)", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "< 1.0"}, {"status": "affected", "version": "< 1.01"}, {"status": "affected", "version": "< 1.02"}, {"status": "affected", "version": "< 1.03"}]}], "descriptions": [{"lang": "en", "value": "An SQL Injection vulnerability in SAP Quality Management (corrected in S4CORE versions 1.0, 1.01, 1.02, 1.03) allows an attacker to carry out targeted database queries that can read individual fields of historical inspection results."}], "problemTypes": [{"descriptions": [{"description": "SQL Injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-13T21:59:55.000Z", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"}, {"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/2816035"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2019-0393", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP Quality Management (S4CORE)", "version": {"version_data": [{"version_name": "<", "version_value": "1.0"}, {"version_name": "<", "version_value": "1.01"}, {"version_name": "<", "version_value": "1.02"}, {"version_name": "<", "version_value": "1.03"}]}}]}, "vendor_name": "SAP SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An SQL Injection vulnerability in SAP Quality Management (corrected in S4CORE versions 1.0, 1.01, 1.02, 1.03) allows an attacker to carry out targeted database queries that can read individual fields of historical inspection results."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "SQL Injection"}]}]}, "references": {"reference_data": [{"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390", "refsource": "MISC", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"}, {"name": "https://launchpad.support.sap.com/#/notes/2816035", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/2816035"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:51:26.616Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpad.support.sap.com/#/notes/2816035"}]}]}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2019-0393", "datePublished": "2019-11-13T21:59:55.000Z", "dateReserved": "2018-11-26T00:00:00.000Z", "dateUpdated": "2024-08-04T17:51:26.616Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:quality_management:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0600F296-CF2A-488C-A09B-1EDC66AFA115", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:quality_management:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "A901E9B0-A2A3-4F05-AFE4-BB4749A4EEE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:quality_management:1.02:*:*:*:*:*:*:*", "matchCriteriaId": "71BF779F-8AE4-4C69-994B-0647E0115E2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:quality_management:1.03:*:*:*:*:*:*:*", "matchCriteriaId": "EB2C1783-4E5B-4FD0-94C5-B1093BF6C594", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An SQL Injection vulnerability in SAP Quality Management (corrected in S4CORE versions 1.0, 1.01, 1.02, 1.03) allows an attacker to carry out targeted database queries that can read individual fields of historical inspection results."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n SQL en SAP Quality Management (corregida en S4CORE versiones 1.0, 1.01, 1.02, 1.03), permite a un atacante realizar consultas de bases de datos espec\u00edficas que pueden leer campos individuales de resultados de inspecciones hist\u00f3ricas."}], "id": "CVE-2019-0393", "lastModified": "2024-11-21T04:16:47.457", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-13T22:15:11.850", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2816035"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2816035"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}