6.5
CVE-2024-42376
- EPSS 0.27%
- Veröffentlicht 13.08.2024 04:15:10
- Zuletzt bearbeitet 12.09.2024 13:43:27
- Quelle cna@sap.com
- CVE-Watchlists
- Unerledigt
LoginMultiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework
SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. On successful exploitation, an attacker can cause a high impact on confidentiality of the application.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Shared Service Framework Versionsap_bs_fnd_702
SAP ≫ Shared Service Framework Versionsap_bs_fnd_731
SAP ≫ Shared Service Framework Versionsap_bs_fnd_746
SAP ≫ Shared Service Framework Versionsap_bs_fnd_747
SAP ≫ Shared Service Framework Versionsap_bs_fnd_748
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.501 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| cna@sap.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.