Lucene search

SapVULNRICHMENT:CVE-2024-42377

HistoryAug 13, 2024 - 3:41 a.m.

CVE-2024-42377 Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework

2024-08-1303:41:55

CWE-862

sap

github.com

sap

authorization check

vulnerabilities

remote-enabled function

integrity impact

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

6.8

Confidence

High

EPSS

Percentile

14.7%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

SAP shared service framework allows an
authenticated non-administrative user to call a remote-enabled function, which
will allow them to insert value entries into a non-sensitive table, causing low
impact on integrity of the application

CNA Affected

[
  {
    "vendor": "SAP_SE",
    "product": "SAP Shared Service Framework",
    "versions": [
      {
        "status": "affected",
        "version": "SAP_BS_FND 702"
      },
      {
        "status": "affected",
        "version": "731"
      },
      {
        "status": "affected",
        "version": "746"
      },
      {
        "status": "affected",
        "version": "747"
      },
      {
        "status": "affected",
        "version": "748"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

me.sap.com/notes/3474590

url.sap/sapsecuritypatchday

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

6.8

Confidence

High

EPSS

Percentile

14.7%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-42377