CVE-2024-41736

Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3475427	Permissions Required
https://url.sap/sapsecuritypatchday	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:permit_to_work:uis4hop1_800:::::::*
	cpe:2.3:a:sap:permit_to_work:uis4hop1_900:::::::*

History

12 Sep 2024, 13:51

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
First Time		Sap permit To Work Sap
Summary		(es) Bajo ciertas condiciones, SAP Permit to Work permite que un atacante autenticado acceda a información que de otro modo estaría restringida, lo que causa un bajo impacto en la confidencialidad de la aplicación.
CPE		cpe:2.3:a:sap:permit_to_work:uis4hop1_800:::::::* cpe:2.3:a:sap:permit_to_work:uis4hop1_900:::::::*
References	~~() https://me.sap.com/notes/3475427 -~~	() https://me.sap.com/notes/3475427 - Permissions Required
References	~~() https://url.sap/sapsecuritypatchday -~~	() https://url.sap/sapsecuritypatchday - Vendor Advisory

13 Aug 2024, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-13 04:15

Updated : 2024-09-12 13:51

NVD link : CVE-2024-41736

Mitre link : CVE-2024-41736

CVE.ORG link : CVE-2024-41736

JSON object : View

Products Affected

sap

permit_to_work

CWE

NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2024-41736", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-08-13T04:15:09.607", "references": [{"url": "https://me.sap.com/notes/3475427", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Under certain conditions SAP Permit to Work\nallows an authenticated attacker to access information which would otherwise be\nrestricted causing low impact on the confidentiality of the application."}, {"lang": "es", "value": "Bajo ciertas condiciones, SAP Permit to Work permite que un atacante autenticado acceda a informaci\u00f3n que de otro modo estar\u00eda restringida, lo que causa un bajo impacto en la confidencialidad de la aplicaci\u00f3n."}], "lastModified": "2024-09-12T13:51:42.727", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:permit_to_work:uis4hop1_800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C89623C8-C8AC-47B1-8EB5-CAAFBD64FAE3"}, {"criteria": "cpe:2.3:a:sap:permit_to_work:uis4hop1_900:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40CB5F2B-8B3E-4266-AB66-7680174E69F5"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}