In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can read or modify any user/business data and can make the entire system unavailable.
References
Link | Resource |
---|---|
https://me.sap.com/notes/3420923 | Permissions Required |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
16 Oct 2024, 21:28
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
First Time |
Sap abap Platform
Sap |
|
CPE | cpe:2.3:a:sap:abap_platform:702:*:*:*:*:*:*:* cpe:2.3:a:sap:abap_platform:750:*:*:*:*:*:*:* cpe:2.3:a:sap:abap_platform:731:*:*:*:*:*:*:* cpe:2.3:a:sap:abap_platform:700:*:*:*:*:*:*:* cpe:2.3:a:sap:abap_platform:740:*:*:*:*:*:*:* cpe:2.3:a:sap:abap_platform:75i:*:*:*:*:*:*:* cpe:2.3:a:sap:abap_platform:752:*:*:*:*:*:*:* cpe:2.3:a:sap:abap_platform:751:*:*:*:*:*:*:* cpe:2.3:a:sap:abap_platform:701:*:*:*:*:*:*:* cpe:2.3:a:sap:abap_platform:75c:*:*:*:*:*:*:* |
|
References | () https://me.sap.com/notes/3420923 - Permissions Required | |
References | () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory |
13 Feb 2024, 14:01
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
13 Feb 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-13 03:15
Updated : 2024-10-16 21:28
NVD link : CVE-2024-22131
Mitre link : CVE-2024-22131
CVE.ORG link : CVE-2024-22131
JSON object : View
Products Affected
sap
- abap_platform
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')