Lucene search

SapVULNRICHMENT:CVE-2024-33008

HistoryMay 14, 2024 - 3:46 a.m.

CVE-2024-33008 Memory Corruption vulnerability in SAP Replication Server

2024-05-1403:46:17

sap

github.com

sap replication server

memory corruption

vulnerability

gateway command

system availability

cve-2024-33008

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availability of the system.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Replication Server ",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "16.0"
      },
      {
        "status": "affected",
        "version": "16.0.3"
      },
      {
        "status": "affected",
        "version": "16.0.4"
      }
    ]
  }
]

References

me.sap.com/notes/3349468

support.sap.com/en/my-support/knowledge-base/security-notes-news.html

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VULNRICHMENT:CVE-2024-33008