CVE-2024-44117

{"id": "CVE-2024-44117", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2024-09-10T05:15:11.050", "references": [{"url": "https://me.sap.com/notes/3488039", "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and availability of the application."}, {"lang": "es", "value": "El m\u00f3dulo de funci\u00f3n habilitado para RFC permite que un usuario con pocos privilegios realice varias acciones, como modificar las URL de los nodos favoritos de cualquier usuario y la identificaci\u00f3n del libro de trabajo. El impacto en la integridad y la disponibilidad de la aplicaci\u00f3n es m\u00ednimo."}], "lastModified": "2024-09-10T12:09:50.377", "sourceIdentifier": "cna@sap.com"}