CVE-2024-22132

SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user's choice.An attacker can therefore control the behaviour of the system by executing malicious code which can potentially escalate privileges with low impact on confidentiality, integrity and availability of the system.

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3421659	Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:ides_ecc:*:*:*:*:*:*:*:*

History

16 Oct 2024, 21:21

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.4~~	v2 : unknown v3 : 6.3
CPE		cpe:2.3:a:sap:ides_ecc::::::::
References	~~() https://me.sap.com/notes/3421659 -~~	() https://me.sap.com/notes/3421659 - Permissions Required
References	~~() https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html -~~	() https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory
First Time		Sap Sap ides Ecc

13 Feb 2024, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-13 03:15

Updated : 2024-10-16 21:21

NVD link : CVE-2024-22132

Mitre link : CVE-2024-22132

CVE.ORG link : CVE-2024-22132

JSON object : View

Products Affected

sap

ides_ecc

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2024-22132", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 3.1}]}, "published": "2024-02-13T03:15:08.570", "references": [{"url": "https://me.sap.com/notes/3421659", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user's choice.An attacker can therefore control the behaviour of the system by executing malicious code which can potentially escalate privileges with low impact on confidentiality, integrity and availability of the system.\n\n"}, {"lang": "es", "value": "SAP IDES ECC-systems contienen c\u00f3digo que permite la ejecuci\u00f3n de c\u00f3digo de programa arbitrario elegido por el usuario. Por lo tanto, un atacante puede controlar el comportamiento del sistema ejecutando c\u00f3digo malicioso que potencialmente puede aumentar los privilegios con un bajo impacto en la confidencialidad, la integridad y la disponibilidad del sistema."}], "lastModified": "2024-10-16T21:21:20.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:ides_ecc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1F3ABB7-AE38-4215-9770-E9AD0AAB674A"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}