CVE-2024-42376

SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. On successful exploitation, an attacker can cause a high impact on confidentiality of the application.
References
Link Resource
https://me.sap.com/notes/3474590 Permissions Required
https://url.sap/sapsecuritypatchday Vendor Advisory
Configurations

Configuration 1

OR cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_702:*:*:*:*:*:*:*
cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_731:*:*:*:*:*:*:*
cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_746:*:*:*:*:*:*:*
cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_747:*:*:*:*:*:*:*
cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_748:*:*:*:*:*:*:*

History

12 Sep 2024, 13:43

Type Values Removed Values Added
First Time Sap
Sap shared Service Framework
References () https://me.sap.com/notes/3474590 - () https://me.sap.com/notes/3474590 - Permissions Required
References () https://url.sap/sapsecuritypatchday - () https://url.sap/sapsecuritypatchday - Vendor Advisory
Summary
  • (es) SAP Shared Service Framework does not perform the necessary authorization check for an authenticated user, which results in an escalation of privileges. If exploitation is successful, an attacker can cause a high impact on the confidentiality of the application.
CPE cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_731:*:*:*:*:*:*:*
cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_747:*:*:*:*:*:*:*
cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_702:*:*:*:*:*:*:*
cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_746:*:*:*:*:*:*:*
cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_748:*:*:*:*:*:*:*

13 Aug 2024, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-13 04:15

Updated : 2024-09-12 13:43


NVD link : CVE-2024-42376

Mitre link : CVE-2024-42376

CVE.ORG link : CVE-2024-42376



Products Affected

sap

  • shared_service_framework
CWE
CWE-862

Missing Authorization