Non-Admin User Can Insert Values into Non-Sensitive Table, with Minimal Impact on Application Integrity
CVE-2024-42377

4.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP Shared Service Framework
Vendor: CVE Published:; 13 August 2024

Summary

SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application

Affected Version(s)

SAP Shared Service Framework SAP_BS_FND 702

SAP Shared Service Framework 731

SAP Shared Service Framework 746

References

https://me.sap.com/notes/3474590

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Jul 31, 2024