Lucene search

SapCVE-2024-37177

HistoryJun 11, 2024 - 2:15 a.m.

CVE-2024-37177

2024-06-1102:15:09

CWE-79

sap

web.nvd.nist.gov

sap financial consolidation

data entry

vulnerability

web application

untrusted source

network

exploitation

attacker

confidentiality

integrity

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score

8.1

Confidence

High

EPSS

Percentile

9.0%

JSON

SAP Financial Consolidation allows data to enter
a Web application through an untrusted source. These endpoints are exposed over
the network and it allows the user to modify the content from the web site. On
successful exploitation, an attacker can cause significant impact to
confidentiality and integrity of the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Financial Consolidation",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "FINANCE 1010"
      }
    ]
  }
]

References

me.sap.com/notes/3457592

support.sap.com/en/my-support/knowledge-base/security-notes-news.html

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score

8.1

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-37177