Lucene search

SapVULNRICHMENT:CVE-2024-33009

HistoryMay 14, 2024 - 3:58 a.m.

CVE-2024-33009 SQL injection vulnerability in SAP Global Label Management (GLM)

2024-05-1403:58:53

CWE-89

sap

github.com

sap

global label management

sql injection

vulnerability

exploitation

attacker

database commands

confidentiality

integrity

4.2 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

7.7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Global Label Management (GLM)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "605"
      },
      {
        "status": "affected",
        "version": "606"
      },
      {
        "status": "affected",
        "version": "616"
      },
      {
        "status": "affected",
        "version": "617"
      }
    ]
  }
]

References

me.sap.com/notes/1938764

support.sap.com/en/my-support/knowledge-base/security-notes-news.html

4.2 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

7.7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VULNRICHMENT:CVE-2024-33009