CVE-2024-42371

EPSS 0.12%
Veröffentlicht 10.09.2024 03:15:02
Zuletzt bearbeitet 10.09.2024 12:09:50
Quelle cna@sap.com
Teams Watchlist Login
Unerledigt Login

The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces and nodes. There is low impact on integrity and availability of the application.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerSAP_SE

≫

Produkt SAP NetWeaver Application Server for ABAP and ABAP Platform

Default Statusunaffected

Version 700

Status affected

Version 701

Status affected

Version 702

Status affected

Version 731

Status affected

Version 740

Status affected

Version 750

Status affected

Version 751

Status affected

Version 752

Status affected

Version 753

Status affected

Version 754

Status affected

Version 755

Status affected

Version 756

Status affected

Version 757

Status affected

Version 758

Status affected

Version 912

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.321

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@sap.com	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3488039

https://nvd.nist.gov/vuln/detail/CVE-2024-42371

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-42371

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-42371

EUVD