CVE-2024-42377

SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application
References
Link Resource
https://me.sap.com/notes/3474590 Permissions Required
https://url.sap/sapsecuritypatchday Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_702:*:*:*:*:*:*:*
cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_731:*:*:*:*:*:*:*
cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_746:*:*:*:*:*:*:*
cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_747:*:*:*:*:*:*:*
cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_748:*:*:*:*:*:*:*

History

12 Sep 2024, 13:42

Type Values Removed Values Added
First Time Sap shared Service Framework
Sap
Summary
  • (es) El framework de servicios compartidos de SAP permite a un usuario no administrativo autenticado llamar a una función habilitada de forma remota, lo que le permitirá insertar entradas de valores en una tabla no confidencial, lo que causa un bajo impacto en la integridad de la aplicación.
References () https://me.sap.com/notes/3474590 - () https://me.sap.com/notes/3474590 - Permissions Required
References () https://url.sap/sapsecuritypatchday - () https://url.sap/sapsecuritypatchday - Vendor Advisory
CPE cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_746:*:*:*:*:*:*:*
cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_747:*:*:*:*:*:*:*
cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_748:*:*:*:*:*:*:*
cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_702:*:*:*:*:*:*:*
cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_731:*:*:*:*:*:*:*

13 Aug 2024, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-13 04:15

Updated : 2024-09-12 13:42


NVD link : CVE-2024-42377

Mitre link : CVE-2024-42377

CVE.ORG link : CVE-2024-42377


JSON object : View

Products Affected

sap

  • shared_service_framework
CWE
CWE-862

Missing Authorization