CVE-2024-27901

SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a considerable impact on confidentiality, integrity and availability of the application.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3438234
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364

Configurations

No configuration.

History

09 Apr 2024, 12:48

Type	Values Removed	Values Added
Summary		(es) SAP Asset Accounting podría permitir que un atacante con altos privilegios aproveche la validación insuficiente de la información de ruta proporcionada por los usuarios y la pase a las API de archivos. Provocando así un impacto considerable en la confidencialidad, integridad y disponibilidad de la aplicación.

09 Apr 2024, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-09 01:15

Updated : 2024-04-09 12:48

NVD link : CVE-2024-27901

Mitre link : CVE-2024-27901

CVE.ORG link : CVE-2024-27901

JSON object : View

Products Affected

No product.

CWE

CWE-35

Path Traversal: '.../...//'

7.2 /10