In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on confidentiality, integrity and availability.
References
| Link | Resource |
|---|---|
| https://me.sap.com/notes/3411869 | Permissions Required |
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
| https://me.sap.com/notes/3411869 | Permissions Required |
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Configurations
History
21 Nov 2024, 08:54
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://me.sap.com/notes/3411869 - Permissions Required | |
| References | () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.4 |
16 Jan 2024, 17:45
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:sap:application_interface_framework:702:*:*:*:*:*:*:* | |
| First Time |
Sap application Interface Framework
Sap |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
| References | () https://me.sap.com/notes/3411869 - Permissions Required | |
| References | () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory |
09 Jan 2024, 02:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-01-09 02:15
Updated : 2024-11-21 08:54
NVD link : CVE-2024-21737
Mitre link : CVE-2024-21737
CVE.ORG link : CVE-2024-21737
JSON object : View
Products Affected
sap
- application_interface_framework
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')