CVE-2024-21737 HIGH

CVE-2024-21737: Code Injection vulnerability in SAP Application Interface Framework (File Adapter)

Vendor SAP SE
Product SAP Application Interface Framework (File Adapter)
Weakness CWE-94 · Code injection
Published January 9, 2024
Last update June 3, 2025

CVSS base score

8.4/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

In SAP Application Interface Framework File Adapter, version 702, a high-privileged user can use a function module to traverse through various layers and execute OS commands directly. This lets such a user control the behaviour of the application, with considerable impact on confidentiality, integrity and availability.

Key dates

02 Disclosure timeline

January 9, 2024 CVE published
June 3, 2025 Record updated