Lucene search

SapCVELIST:CVE-2024-41736

HistoryAug 13, 2024 - 4:09 a.m.

CVE-2024-41736 Information Disclosure vulnerability in SAP Permit to Work

2024-08-1304:09:24

CWE-200

sap

www.cve.org

sap

permit to work

cve-2024-41736

information disclosure

vulnerability

low impact

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

14.7%

JSON

Under certain conditions SAP Permit to Work
allows an authenticated attacker to access information which would otherwise be
restricted causing low impact on the confidentiality of the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Permit to Work",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "UIS4HOP1 800"
      },
      {
        "status": "affected",
        "version": "900"
      }
    ]
  }
]

References

me.sap.com/notes/3475427

url.sap/sapsecuritypatchday

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

14.7%

JSON

Related for CVELIST:CVE-2024-41736