CVE-2024-42376

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

S

AP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. On successful exploitation, an attacker can cause a high impact on confidentiality of the application.

References

Link	Resource
https://me.sap.com/notes/3474590	Permissions Required
https://url.sap/sapsecuritypatchday	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_702:::::::*
	cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_731:::::::*
	cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_746:::::::*
	cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_747:::::::*
	cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_748:::::::*

History

12 Sep 2024, 13:43

Type	Values Removed	Values Added
CPE		cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_731:::::::* cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_702:::::::* cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_747:::::::* cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_748:::::::* cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_746:::::::*
References	~~() https://me.sap.com/notes/3474590 -~~	() https://me.sap.com/notes/3474590 - Permissions Required
References	~~() https://url.sap/sapsecuritypatchday -~~	() https://url.sap/sapsecuritypatchday - Vendor Advisory
First Time		Sap shared Service Framework Sap

13 Aug 2024, 12:58

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-13 04:15

Updated : 2024-09-12 13:43

NVD link : CVE-2024-42376

Mitre link : CVE-2024-42376

CVE.ORG link : CVE-2024-42376

JSON object : View

Products Affected

shared_service_framework

CWE

CWE-862

Missing Authorization

{"id": "CVE-2024-42376", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-08-13T04:15:10.837", "references": [{"url": "https://me.sap.com/notes/3474590", "tags": ["Permissions Required"], "source": "[email protected]"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "SAP Shared Service Framework does not perform necessary\nauthorization check for an authenticated user, resulting in escalation of\nprivileges. On successful exploitation, an attacker can cause a high impact on\nconfidentiality of the application."}, {"lang": "es", "value": "SAP Shared Service Framework no realiza la verificaci\u00f3n de autorizaci\u00f3n necesaria para un usuario autenticado, lo que resulta en una escalada de privilegios. Si la explotaci\u00f3n tiene \u00e9xito, un atacante puede causar un gran impacto en la confidencialidad de la aplicaci\u00f3n."}], "lastModified": "2024-09-12T13:43:27.507", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_702:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AC1EAA0-7B20-4B4C-9F7D-8F7832D91BCE"}, {"criteria": "cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_731:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFE56A04-ADDE-4A27-87CA-C801DFA5CD80"}, {"criteria": "cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_746:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36822481-BB89-421A-99D5-33854E6080B9"}, {"criteria": "cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_747:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BA0ED8A-F75D-49DF-BD37-CD3273E2F8E4"}, {"criteria": "cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_748:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6852223A-C675-4F29-92E4-90092DBDF11E"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}