Lucene search

SapCVE-2024-33009

HistoryMay 14, 2024 - 4:17 p.m.

CVE-2024-33009

2024-05-1416:17:15

CWE-89

sap

web.nvd.nist.gov

sap

global

label management

sql injection

vulnerability

low impact

confidentiality

integrity

CVSS3

4.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

7.6

Confidence

Low

EPSS

Percentile

9.0%

JSON

SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Global Label Management (GLM)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "605"
      },
      {
        "status": "affected",
        "version": "606"
      },
      {
        "status": "affected",
        "version": "616"
      },
      {
        "status": "affected",
        "version": "617"
      }
    ]
  }
]

References

me.sap.com/notes/1938764

support.sap.com/en/my-support/knowledge-base/security-notes-news.html

CVSS3

4.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

7.6

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-33009