Low Impact DLL Injection Vulnerability in SAP Product Lifecycle Costing Client
CVE-2024-47576

3.3LOW

Key Information:

Vendor: SAP
Status: SAP Product Lifecycle Costing
Vendor: CVE Published:; 10 December 2024

Summary

SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious one, that could execute commands as being part of SAP Product Lifecycle Costing Client Application. On a successful attack, it can cause a low impact to confidentiality but no impact to the integrity and availability of the application.

Affected Version(s)

SAP Product Lifecycle Costing PLC_CLIENT 4

References

https://me.sap.com/notes/3504847

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 10, 2024
Vulnerability Reserved
Sep 27, 2024