Lucene search

[email protected]NVD:CVE-2024-21735

HistoryJan 09, 2024 - 1:15 a.m.

CVE-2024-21735

2024-01-0901:15:39

CWE-863

[email protected]

web.nvd.nist.gov

sap

replication server

authorization

flaw

s4core

privilege escalation

confidentiality

integrity

availability

cve-2024-21735

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

19.3%

JSON

SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impact on confidentiality, integrity and availability of the system.

Affected configurations

NVD

Node

saplt_replication_serverMatchs4core_103

saplt_replication_serverMatchs4core_104

saplt_replication_serverMatchs4core_105

saplt_replication_serverMatchs4core_106

saplt_replication_serverMatchs4core_107

saplt_replication_serverMatchs4core_108

References

me.sap.com/notes/3407617

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

19.3%

JSON

Related for NVD:CVE-2024-21735

cvelist1 prion1 cve1