CVE-2024-22132

{"id": "CVE-2024-22132", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 3.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}]}, "published": "2024-02-13T03:15:08.570", "references": [{"url": "https://me.sap.com/notes/3421659", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://me.sap.com/notes/3421659", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user's choice.An attacker can therefore control the behaviour of the system by executing malicious code which can potentially escalate privileges with low impact on confidentiality, integrity and availability of the system.\n\n"}, {"lang": "es", "value": "SAP IDES ECC-systems contienen c\u00f3digo que permite la ejecuci\u00f3n de c\u00f3digo de programa arbitrario elegido por el usuario. Por lo tanto, un atacante puede controlar el comportamiento del sistema ejecutando c\u00f3digo malicioso que potencialmente puede aumentar los privilegios con un bajo impacto en la confidencialidad, la integridad y la disponibilidad del sistema."}], "lastModified": "2024-11-21T08:55:38.927", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:ides_ecc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1F3ABB7-AE38-4215-9770-E9AD0AAB674A"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}