Lucene search

SapCVE-2024-42377

HistoryAug 13, 2024 - 4:15 a.m.

CVE-2024-42377

2024-08-1304:15:11

CWE-862

sap

web.nvd.nist.gov

sap

shared service

non-admin

remote-enabled function

low impact

integrity

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.6

Confidence

High

EPSS

Percentile

14.7%

JSON

SAP shared service framework allows an
authenticated non-administrative user to call a remote-enabled function, which
will allow them to insert value entries into a non-sensitive table, causing low
impact on integrity of the application

Affected configurations

Nvd

Node

sapshared_service_frameworkMatchsap_bs_fnd_702

sapshared_service_frameworkMatchsap_bs_fnd_731

sapshared_service_frameworkMatchsap_bs_fnd_746

sapshared_service_frameworkMatchsap_bs_fnd_747

sapshared_service_frameworkMatchsap_bs_fnd_748

VendorProductVersionCPE
sapshared_service_frameworksap_bs_fnd_702cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_702:*:*:*:*:*:*:*
sapshared_service_frameworksap_bs_fnd_731cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_731:*:*:*:*:*:*:*
sapshared_service_frameworksap_bs_fnd_746cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_746:*:*:*:*:*:*:*
sapshared_service_frameworksap_bs_fnd_747cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_747:*:*:*:*:*:*:*
sapshared_service_frameworksap_bs_fnd_748cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_748:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	shared_service_framework	sap_bs_fnd_702	cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_702:::::::*
sap	shared_service_framework	sap_bs_fnd_731	cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_731:::::::*
sap	shared_service_framework	sap_bs_fnd_746	cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_746:::::::*
sap	shared_service_framework	sap_bs_fnd_747	cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_747:::::::*
sap	shared_service_framework	sap_bs_fnd_748	cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_748:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Shared Service Framework",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "SAP_BS_FND 702"
      },
      {
        "status": "affected",
        "version": "731"
      },
      {
        "status": "affected",
        "version": "746"
      },
      {
        "status": "affected",
        "version": "747"
      },
      {
        "status": "affected",
        "version": "748"
      }
    ]
  }
]

References

me.sap.com/notes/3474590

url.sap/sapsecuritypatchday

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.6

Confidence

High

EPSS

Percentile

14.7%

JSON

Related for CVE-2024-42377