Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2024-21737
HistoryJan 09, 2024 - 2:15 a.m.

CVE-2024-21737

2024-01-0902:15:45
CWE-94
[email protected]
web.nvd.nist.gov
4
sap
interface
framework
high privilege user
control
confidentiality
integrity
availability

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

18.2%

JSON

In SAP Application Interface Framework File Adapter - version 702, aย high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this,ย such user can controlย the behaviour of the application. This leads to considerable impact on confidentiality, integrity and availability.

Affected configurations

Nvd
Node
sapapplication_interface_frameworkMatch702
VendorProductVersionCPE
sapapplication_interface_framework702cpe:2.3:a:sap:application_interface_framework:702:*:*:*:*:*:*:*

Related

cvelist 1
prion 1
cve 1
cvelist
cvelist
CVE-2024-21737 Code Injection vulnerability in SAP Application Interface Framework (File Adapter)
2024-01-09 01:18:19
prion
prion
Command injection
2024-01-09 02:15:00
cve
cve
CVE-2024-21737
2024-01-09 02:15:45

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

18.2%

JSON
Related for NVD:CVE-2024-21737
cvelist1prion1cve1