Lucene search

SapCVE-2024-21735

HistoryJan 09, 2024 - 1:15 a.m.

CVE-2024-21735

2024-01-0901:15:39

CWE-863

sap

web.nvd.nist.gov

cve-2024-21735

sap

lt replication server

authorization checks

high impact

privilege escalation

CVSS3

7.3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

19.3%

JSON

SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impact on confidentiality, integrity and availability of the system.

Affected configurations

Nvd

Node

saplt_replication_serverMatchs4core_103

saplt_replication_serverMatchs4core_104

saplt_replication_serverMatchs4core_105

saplt_replication_serverMatchs4core_106

saplt_replication_serverMatchs4core_107

saplt_replication_serverMatchs4core_108

VendorProductVersionCPE
saplt_replication_servers4core_103cpe:2.3:a:sap:lt_replication_server:s4core_103:*:*:*:*:*:*:*
saplt_replication_servers4core_104cpe:2.3:a:sap:lt_replication_server:s4core_104:*:*:*:*:*:*:*
saplt_replication_servers4core_105cpe:2.3:a:sap:lt_replication_server:s4core_105:*:*:*:*:*:*:*
saplt_replication_servers4core_106cpe:2.3:a:sap:lt_replication_server:s4core_106:*:*:*:*:*:*:*
saplt_replication_servers4core_107cpe:2.3:a:sap:lt_replication_server:s4core_107:*:*:*:*:*:*:*
saplt_replication_servers4core_108cpe:2.3:a:sap:lt_replication_server:s4core_108:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	lt_replication_server	s4core_103	cpe:2.3:a:sap:lt_replication_server:s4core_103:::::::*
sap	lt_replication_server	s4core_104	cpe:2.3:a:sap:lt_replication_server:s4core_104:::::::*
sap	lt_replication_server	s4core_105	cpe:2.3:a:sap:lt_replication_server:s4core_105:::::::*
sap	lt_replication_server	s4core_106	cpe:2.3:a:sap:lt_replication_server:s4core_106:::::::*
sap	lt_replication_server	s4core_107	cpe:2.3:a:sap:lt_replication_server:s4core_107:::::::*
sap	lt_replication_server	s4core_108	cpe:2.3:a:sap:lt_replication_server:s4core_108:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP LT Replication Server",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "S4CORE 103"
      },
      {
        "status": "affected",
        "version": "S4CORE 104"
      },
      {
        "status": "affected",
        "version": "S4CORE 105"
      },
      {
        "status": "affected",
        "version": "S4CORE 106"
      },
      {
        "status": "affected",
        "version": "S4CORE 107"
      },
      {
        "status": "affected",
        "version": "S4CORE 108"
      }
    ]
  }
]

References

me.sap.com/notes/3407617

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVSS3

7.3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

19.3%

JSON

Related for CVE-2024-21735