CVE-2024-41736

Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3475427	Permissions Required
https://url.sap/sapsecuritypatchday	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:permit_to_work:uis4hop1_800:::::::*
	cpe:2.3:a:sap:permit_to_work:uis4hop1_900:::::::*

History

No history.

Information

Published : 2024-08-13 04:15

Updated : 2024-09-12 13:51

NVD link : CVE-2024-41736

Mitre link : CVE-2024-41736

CVE.ORG link : CVE-2024-41736

JSON object : View

Products Affected

sap

permit_to_work

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo

{"id": "CVE-2024-41736", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-08-13T04:15:09.607", "references": [{"url": "https://me.sap.com/notes/3475427", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Under certain conditions SAP Permit to Work\nallows an authenticated attacker to access information which would otherwise be\nrestricted causing low impact on the confidentiality of the application."}, {"lang": "es", "value": "Bajo ciertas condiciones, SAP Permit to Work permite que un atacante autenticado acceda a informaci\u00f3n que de otro modo estar\u00eda restringida, lo que causa un bajo impacto en la confidencialidad de la aplicaci\u00f3n."}], "lastModified": "2024-09-12T13:51:42.727", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:permit_to_work:uis4hop1_800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C89623C8-C8AC-47B1-8EB5-CAAFBD64FAE3"}, {"criteria": "cpe:2.3:a:sap:permit_to_work:uis4hop1_900:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40CB5F2B-8B3E-4266-AB66-7680174E69F5"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}