Lucene search

SapVULNRICHMENT:CVE-2024-42376

HistoryAug 13, 2024 - 3:39 a.m.

CVE-2024-42376 Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework

2024-08-1303:39:04

CWE-862

sap

github.com

sap

authorization check

vulnerabilities

escalation

application confidentiality

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

18.8%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

SAP Shared Service Framework does not perform necessary
authorization check for an authenticated user, resulting in escalation of
privileges. On successful exploitation, an attacker can cause a high impact on
confidentiality of the application.

CNA Affected

[
  {
    "vendor": "SAP_SE",
    "product": "SAP Shared Service Framework",
    "versions": [
      {
        "status": "affected",
        "version": "SAP_BS_FND 702"
      },
      {
        "status": "affected",
        "version": "731"
      },
      {
        "status": "affected",
        "version": "746"
      },
      {
        "status": "affected",
        "version": "747"
      },
      {
        "status": "affected",
        "version": "748"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

me.sap.com/notes/3474590

url.sap/sapsecuritypatchday

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

18.8%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-42376