Non-Admin User Can Insert Values into Non-Sensitive Table, with Minimal Impact on Application Integrity

CVE-2024-42377

4.3MEDIUM

Key Information

Vendor: SAP
Status: SAP Shared Service Framework
Vendor: CVE Published:; 13 August 2024

Summary

SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application

Affected Version(s)

SAP Shared Service Framework = SAP_BS_FND 702

SAP Shared Service Framework = 731

SAP Shared Service Framework = 746

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Aug 13, 2024
Vulnerability Reserved.
Jul 31, 2024

Collectors

NVD DatabaseMitre Database