CVE-2024-37175

EPSS 0.22%
Published 09.07.2024 05:15:11
Last modified 21.11.2024 09:23:21
Source cna@sap.com
Teams watchlist Login
Open Login

SAP CRM WebClient does not
perform necessary authorization check for an authenticated user, resulting in
escalation of privileges. This could allow an attacker to access some sensitive
information.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

SAP ≫ Customer Relationship Management S4fnd Version102

SAP ≫ Customer Relationship Management S4fnd Version103

SAP ≫ Customer Relationship Management S4fnd Version104

SAP ≫ Customer Relationship Management S4fnd Version105

SAP ≫ Customer Relationship Management S4fnd Version106

SAP ≫ Customer Relationship Management S4fnd Version107

SAP ≫ Customer Relationship Management S4fnd Version108

SAP ≫ Customer Relationship Management Webclient Ui Version701

SAP ≫ Customer Relationship Management Webclient Ui Version731

SAP ≫ Customer Relationship Management Webclient Ui Version746

SAP ≫ Customer Relationship Management Webclient Ui Version747

SAP ≫ Customer Relationship Management Webclient Ui Version748

SAP ≫ Customer Relationship Management Webclient Ui Version800

SAP ≫ Customer Relationship Management Webclient Ui Version801

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.22%	0.444

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cna@sap.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://url.sap/sapsecuritypatchday

Vendor Advisory

https://me.sap.com/notes/3467377

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2024-37175

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-37175

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-37175

EUVD