Lucene search

SapCVE-2024-21737

HistoryJan 09, 2024 - 2:15 a.m.

CVE-2024-21737

2024-01-0902:15:45

CWE-94

sap

web.nvd.nist.gov

sap

application

interface

framework

file adapter

v702

os commands

high privilege user

confidentiality

integrity

availability

cve-2024-21737

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

18.2%

JSON

In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on confidentiality, integrity and availability.

Affected configurations

Nvd

Node

sapapplication_interface_frameworkMatch702

VendorProductVersionCPE
sapapplication_interface_framework702cpe:2.3:a:sap:application_interface_framework:702:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	application_interface_framework	702	cpe:2.3:a:sap:application_interface_framework:702:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Application Interface Framework (File Adapter)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "702"
      }
    ]
  }
]

References

me.sap.com/notes/3411869

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

18.2%

JSON

Related for CVE-2024-21737