Lucene search

SapCVELIST:CVE-2024-42376

HistoryAug 13, 2024 - 3:39 a.m.

CVE-2024-42376 Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework

2024-08-1303:39:04

CWE-862

sap

www.cve.org

sap

shared service framework

authorization check

vulnerabilities

cve-2024-42376

escalation of privileges

confidentiality

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

18.8%

JSON

SAP Shared Service Framework does not perform necessary
authorization check for an authenticated user, resulting in escalation of
privileges. On successful exploitation, an attacker can cause a high impact on
confidentiality of the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Shared Service Framework",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "SAP_BS_FND 702"
      },
      {
        "status": "affected",
        "version": "731"
      },
      {
        "status": "affected",
        "version": "746"
      },
      {
        "status": "affected",
        "version": "747"
      },
      {
        "status": "affected",
        "version": "748"
      }
    ]
  }
]

References

me.sap.com/notes/3474590

url.sap/sapsecuritypatchday

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

18.8%

JSON

Related for CVELIST:CVE-2024-42376