CVE-2024-42377

{"id": "CVE-2024-42377", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-08-13T04:15:11.290", "references": [{"url": "https://me.sap.com/notes/3474590", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "SAP shared service framework allows an\nauthenticated non-administrative user to call a remote-enabled function, which\nwill allow them to insert value entries into a non-sensitive table, causing low\nimpact on integrity of the application"}, {"lang": "es", "value": "El framework de servicios compartidos de SAP permite a un usuario no administrativo autenticado llamar a una funci\u00f3n habilitada de forma remota, lo que le permitir\u00e1 insertar entradas de valores en una tabla no confidencial, lo que causa un bajo impacto en la integridad de la aplicaci\u00f3n."}], "lastModified": "2024-09-12T13:42:11.890", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_702:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AC1EAA0-7B20-4B4C-9F7D-8F7832D91BCE"}, {"criteria": "cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_731:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFE56A04-ADDE-4A27-87CA-C801DFA5CD80"}, {"criteria": "cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_746:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36822481-BB89-421A-99D5-33854E6080B9"}, {"criteria": "cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_747:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BA0ED8A-F75D-49DF-BD37-CD3273E2F8E4"}, {"criteria": "cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_748:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6852223A-C675-4F29-92E4-90092DBDF11E"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}