SQL injection vulnerability in SAP Global Label Management (GLM)

CVE-2024-33009

4.2MEDIUM

Key Information

Vendor: SAP
Status: SAP Global Label Management (glm)
Vendor: CVE Published:; 14 May 2024

Summary

SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the application.

Affected Version(s)

SAP Global Label Management (GLM) = 605

SAP Global Label Management (GLM) = 606

SAP Global Label Management (GLM) = 616

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
May 14, 2024
Vulnerability Reserved.
Apr 23, 2024

Collectors

NVD DatabaseMitre Database