{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T02:18:35.240","vulnerabilities":[{"cve":{"id":"CVE-2019-0325","sourceIdentifier":"cna@sap.com","published":"2019-07-10T20:15:11.903","lastModified":"2024-11-21T04:16:41.060","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SAP ERP HCM (SAP_HRCES) , version 3, does not perform necessary authorization checks for a report that reads payroll data of employees in a certain area. Due to this under certain conditions, the user that once had authorization to payroll data of an employee, which was later revoked, may retain access to the same data."},{"lang":"es","value":"SAP ERP HCM (SAP_HRCES), versión 3, no realiza las comprobaciones de autorización necesarias para un reporte que lee los datos de nómina de los empleados en un área determinada. Debido a esto, bajo ciertas condiciones, el usuario una vez que tuvo la autorización para datos de nómina de un empleado, y que fue revocado luego, puede conservar el acceso a los mismos datos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:N","baseScore":4.9,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:erp_hcm:3.0:*:*:*:*:*:*:*","matchCriteriaId":"19B3A119-153A-4199-B24D-0A6D51D13318"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/109075","source":"cna@sap.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://launchpad.support.sap.com/#/notes/2798133","source":"cna@sap.com","tags":["Permissions Required","Vendor Advisory"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575","source":"cna@sap.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/109075","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://launchpad.support.sap.com/#/notes/2798133","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Vendor Advisory"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}