CVE-2024-22131

{"id": "CVE-2024-22131", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}]}, "published": "2024-02-13T03:15:08.363", "references": [{"url": "https://me.sap.com/notes/3420923", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to\u00a0invoke\u00a0an application function to perform actions which they would not normally be permitted to perform. \u00a0Depending on the function executed, the attack can read or modify any user/business data and can make the entire system unavailable.\n\n"}, {"lang": "es", "value": "En SAP ABA (Application Basis), versiones 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, un atacante autenticado como usuario con autorizaci\u00f3n de ejecuci\u00f3n remota puede utilizar una interfaz vulnerable. Esto permite al atacante utilizar la interfaz para invocar una funci\u00f3n de la aplicaci\u00f3n para realizar acciones que normalmente no se le permitir\u00eda realizar. Dependiendo de la funci\u00f3n ejecutada, el ataque puede leer o modificar cualquier dato de usuario/empresa y puede hacer que todo el sistema no est\u00e9 disponible."}], "lastModified": "2024-10-16T21:28:35.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:abap_platform:75c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF0145C4-663F-4E0F-B271-515EFB130D74"}, {"criteria": "cpe:2.3:a:sap:abap_platform:75i:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79B3CC36-624C-46F9-832E-43E831AFFC35"}, {"criteria": "cpe:2.3:a:sap:abap_platform:700:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AA5D36E-BE80-422B-8A6B-0ABDDE274146"}, {"criteria": "cpe:2.3:a:sap:abap_platform:701:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C04D8608-83F0-4D7F-A7A9-59B616240F14"}, {"criteria": "cpe:2.3:a:sap:abap_platform:702:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4DF5956-1396-41FA-B101-E24F7898D135"}, {"criteria": "cpe:2.3:a:sap:abap_platform:731:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC2B8C19-4A66-44A8-9995-2BB71D8AA665"}, {"criteria": "cpe:2.3:a:sap:abap_platform:740:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07710B18-BF01-4316-A258-4F1CB6269C5E"}, {"criteria": "cpe:2.3:a:sap:abap_platform:750:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3A631DA-1279-49AC-922E-7D7216DACC8D"}, {"criteria": "cpe:2.3:a:sap:abap_platform:751:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65320F25-669B-40D8-A246-07B0202C00A9"}, {"criteria": "cpe:2.3:a:sap:abap_platform:752:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD5559B1-08ED-4F5C-A61D-0EA13597DBE9"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}