CVE-2024-42376 MEDIUM

CVE-2024-42376: Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework

Vendor Sap_Se

Product SAP Shared Service Framework

Weakness CWE-862 · Missing authorization

Published August 13, 2024

Last update August 13, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. On successful exploitation, an attacker can cause a high impact on confidentiality of the application.

Key dates

02Disclosure timeline

August 13, 2024 CVE published

August 13, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-42376

Related vulnerabilities

Identifiers

CVE CVE-2024-42376

CWE CWE-862

CVSS 6.5 / MEDIUM

Affected versions

Vendor Sap_Se

Product SAP Shared Service Framework

Affected SAP_BS_FND 702

Vendor Sap_Se

Product SAP Shared Service Framework

Affected 731

Vendor Sap_Se

Product SAP Shared Service Framework

Affected 746

Vendor Sap_Se

Product SAP Shared Service Framework

Affected 747

Vendor Sap_Se

Product SAP Shared Service Framework

Affected 748

CVE-2024-42376: Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework

01Description

02Disclosure timeline

03References

04Related CVE