Lucene search

SapVULNRICHMENT:CVE-2024-41736

HistoryAug 13, 2024 - 4:09 a.m.

CVE-2024-41736 Information Disclosure vulnerability in SAP Permit to Work

2024-08-1304:09:24

CWE-200

sap

github.com

sap

permit to work

information disclosure

cve-2024-41736

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

Percentile

14.7%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Under certain conditions SAP Permit to Work
allows an authenticated attacker to access information which would otherwise be
restricted causing low impact on the confidentiality of the application.

CNA Affected

[
  {
    "vendor": "SAP_SE",
    "product": "SAP Permit to Work",
    "versions": [
      {
        "status": "affected",
        "version": "UIS4HOP1 800"
      },
      {
        "status": "affected",
        "version": "900"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

me.sap.com/notes/3475427

url.sap/sapsecuritypatchday

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

Percentile

14.7%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-41736