All the vulnerabilites related to sap - document_builder
cve-2024-34683
Vulnerability from cvelistv5
Published
2024-06-11 02:08
Modified
2024-08-02 02:59
Severity ?
EPSS score ?
Summary
An authenticated attacker can upload malicious
file to SAP Document Builder service. When the victim accesses this file, the
attacker is allowed to access, modify, or make the related information
unavailable in the victim’s browser.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SAP_SE | SAP Document Builder |
Version: S4CORE 100 Version: 101 Version: S4FND 102 Version: 103 Version: 104 Version: 105 Version: 106 Version: 107 Version: 108 Version: SAP_BS_FND 702 Version: 731 Version: 746 Version: 747 Version: 748 |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34683",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T13:35:39.111955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T13:35:47.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:22.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://me.sap.com/notes/3459379"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP Document Builder",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "S4CORE 100"
},
{
"status": "affected",
"version": "101"
},
{
"status": "affected",
"version": "S4FND 102"
},
{
"status": "affected",
"version": "103"
},
{
"status": "affected",
"version": "104"
},
{
"status": "affected",
"version": "105"
},
{
"status": "affected",
"version": "106"
},
{
"status": "affected",
"version": "107"
},
{
"status": "affected",
"version": "108"
},
{
"status": "affected",
"version": "SAP_BS_FND 702"
},
{
"status": "affected",
"version": "731"
},
{
"status": "affected",
"version": "746"
},
{
"status": "affected",
"version": "747"
},
{
"status": "affected",
"version": "748"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated attacker can upload malicious\nfile to SAP Document Builder service. When the victim accesses this file, the\nattacker is allowed to access, modify, or make the related information\nunavailable in the victim\u2019s browser.\n\n\n\n"
}
],
"value": "An authenticated attacker can upload malicious\nfile to SAP Document Builder service. When the victim accesses this file, the\nattacker is allowed to access, modify, or make the related information\nunavailable in the victim\u2019s browser."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T02:08:47.200Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3459379"
},
{
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unrestricted file upload in SAP Document Builder (HTTP service)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-34683",
"datePublished": "2024-06-11T02:08:47.200Z",
"dateReserved": "2024-05-07T05:46:11.656Z",
"dateUpdated": "2024-08-02T02:59:22.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39591
Vulnerability from cvelistv5
Published
2024-08-13 05:00
Modified
2024-08-13 13:53
Severity ?
EPSS score ?
Summary
SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SAP_SE | SAP Document Builder |
Version: S4FND 102 Version: S4FND 103 Version: S4FND 104 Version: S4FND 105 Version: S4FND 106 Version: S4FND 107 Version: S4FND 108 Version: SAP_BS_FND 702 Version: SAP_BS_FND 731 Version: SAP_BS_FND 746 Version: SAP_BS_FND 747 Version: SAP_BS_FND 748 |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T13:53:17.560177Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T13:53:27.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP Document Builder",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "S4FND 102"
},
{
"status": "affected",
"version": "S4FND 103"
},
{
"status": "affected",
"version": "S4FND 104"
},
{
"status": "affected",
"version": "S4FND 105"
},
{
"status": "affected",
"version": "S4FND 106"
},
{
"status": "affected",
"version": "S4FND 107"
},
{
"status": "affected",
"version": "S4FND 108"
},
{
"status": "affected",
"version": "SAP_BS_FND 702"
},
{
"status": "affected",
"version": "SAP_BS_FND 731"
},
{
"status": "affected",
"version": "SAP_BS_FND 746"
},
{
"status": "affected",
"version": "SAP_BS_FND 747"
},
{
"status": "affected",
"version": "SAP_BS_FND 748"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T05:04:38.380Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3477423"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authorization check in SAP Document Builder",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-39591",
"datePublished": "2024-08-13T05:00:42.912Z",
"dateReserved": "2024-06-26T09:58:24.094Z",
"dateUpdated": "2024-08-13T13:53:27.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2024-06-11 03:15
Modified
2024-11-21 09:19
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Summary
An authenticated attacker can upload malicious
file to SAP Document Builder service. When the victim accesses this file, the
attacker is allowed to access, modify, or make the related information
unavailable in the victim’s browser.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://me.sap.com/notes/3459379 | Permissions Required | |
| cna@sap.com | https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://me.sap.com/notes/3459379 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | document_builder | 101 | |
| sap | document_builder | 103 | |
| sap | document_builder | 104 | |
| sap | document_builder | 105 | |
| sap | document_builder | 106 | |
| sap | document_builder | 107 | |
| sap | document_builder | 108 | |
| sap | document_builder | 731 | |
| sap | document_builder | 746 | |
| sap | document_builder | 747 | |
| sap | document_builder | 748 | |
| sap | document_builder | s4core_100 | |
| sap | document_builder | s4fnd_102 | |
| sap | document_builder | sap_bs_fnd_702 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:document_builder:101:*:*:*:*:*:*:*",
"matchCriteriaId": "5350CBE5-1DC2-4385-BB54-CF00158A0E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:document_builder:103:*:*:*:*:*:*:*",
"matchCriteriaId": "AACFC047-8DF1-4A7A-8678-B06DA5FDB813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:document_builder:104:*:*:*:*:*:*:*",
"matchCriteriaId": "DFEBE181-4350-4629-947E-04ED3CE715F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:document_builder:105:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C51CE6-E2A3-4100-A45E-5BE6997BF5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:document_builder:106:*:*:*:*:*:*:*",
"matchCriteriaId": "36E9BCB7-A284-4F3E-8894-A6BB02294959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:document_builder:107:*:*:*:*:*:*:*",
"matchCriteriaId": "9766F9DB-CF4F-45E3-B040-3962DBACECF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:document_builder:108:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B2AFEF-DE52-4D22-A67F-E85F7CACA118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:document_builder:731:*:*:*:*:*:*:*",
"matchCriteriaId": "5C930294-CB73-4D42-A406-8579B60E43B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:document_builder:746:*:*:*:*:*:*:*",
"matchCriteriaId": "5AA983A4-C5D1-4757-BE08-224F69380A7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:document_builder:747:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFD8074-7613-4E8A-B69E-691813EAC685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:document_builder:748:*:*:*:*:*:*:*",
"matchCriteriaId": "662FF019-5901-4B3A-B5F6-CDFC9065783B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:document_builder:s4core_100:*:*:*:*:*:*:*",
"matchCriteriaId": "1A2A67C2-2564-4F41-BE38-C33D2C7CF9E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:document_builder:s4fnd_102:*:*:*:*:*:*:*",
"matchCriteriaId": "3273C74F-E5FE-47A2-B7F8-E76095A64359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_702:*:*:*:*:*:*:*",
"matchCriteriaId": "3A14342E-3477-457C-AF13-54AFFA9DE1C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated attacker can upload malicious\nfile to SAP Document Builder service. When the victim accesses this file, the\nattacker is allowed to access, modify, or make the related information\nunavailable in the victim\u2019s browser."
},
{
"lang": "es",
"value": "Un atacante autenticado puede cargar un archivo malicioso en el servicio SAP Document Builder. Cuando la v\u00edctima accede a este archivo, el atacante puede acceder, modificar o hacer que la informaci\u00f3n relacionada no est\u00e9 disponible en el navegador de la v\u00edctima."
}
],
"id": "CVE-2024-34683",
"lastModified": "2024-11-21T09:19:11.187",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7,
"source": "cna@sap.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-11T03:15:10.623",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required"
],
"url": "https://me.sap.com/notes/3459379"
},
{
"source": "cna@sap.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://me.sap.com/notes/3459379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "cna@sap.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 05:15
Modified
2024-09-12 13:29
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://me.sap.com/notes/3477423 | Permissions Required | |
| cna@sap.com | https://url.sap/sapsecuritypatchday | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | document_builder | s4fnd_102 | |
| sap | document_builder | s4fnd_103 | |
| sap | document_builder | s4fnd_104 | |
| sap | document_builder | s4fnd_105 | |
| sap | document_builder | s4fnd_106 | |
| sap | document_builder | s4fnd_107 | |
| sap | document_builder | s4fnd_108 | |
| sap | document_builder | sap_bs_fnd_702 | |
| sap | document_builder | sap_bs_fnd_731 | |
| sap | document_builder | sap_bs_fnd_746 | |
| sap | document_builder | sap_bs_fnd_747 | |
| sap | document_builder | sap_bs_fnd_748 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:document_builder:s4fnd_102:*:*:*:*:*:*:*",
"matchCriteriaId": "3273C74F-E5FE-47A2-B7F8-E76095A64359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:document_builder:s4fnd_103:*:*:*:*:*:*:*",
"matchCriteriaId": "65DD3306-BD29-4E59-A0BE-7BEFB80E83A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:document_builder:s4fnd_104:*:*:*:*:*:*:*",
"matchCriteriaId": "49820851-29AD-4467-9CC9-6938197538A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:document_builder:s4fnd_105:*:*:*:*:*:*:*",
"matchCriteriaId": "6012CA9C-F45A-44FD-84A2-960D41638458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:document_builder:s4fnd_106:*:*:*:*:*:*:*",
"matchCriteriaId": "25337ED2-24AC-4329-89FE-2ACC8F806721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:document_builder:s4fnd_107:*:*:*:*:*:*:*",
"matchCriteriaId": "A48BA465-1906-4E24-BCC4-43677988EE56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:document_builder:s4fnd_108:*:*:*:*:*:*:*",
"matchCriteriaId": "7562A2A3-BBA4-4FE7-800C-1D0A9FD750D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_702:*:*:*:*:*:*:*",
"matchCriteriaId": "3A14342E-3477-457C-AF13-54AFFA9DE1C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_731:*:*:*:*:*:*:*",
"matchCriteriaId": "A1FA8D4E-C6EB-4DD9-9729-0CE94FC1023D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_746:*:*:*:*:*:*:*",
"matchCriteriaId": "B2ED89F2-6C57-4393-9D7C-EF02C399F514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_747:*:*:*:*:*:*:*",
"matchCriteriaId": "8D738350-C117-4248-9334-2D1540986E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_748:*:*:*:*:*:*:*",
"matchCriteriaId": "9242A4C0-3C2B-4877-A3CA-F17C2A036162",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application."
},
{
"lang": "es",
"value": "SAP Document Builder no realiza las comprobaciones de autorizaci\u00f3n necesarias para uno de los m\u00f3dulos de funciones, lo que da como resultado una escalada de privilegios que tiene un bajo impacto en la confidencialidad de la aplicaci\u00f3n."
}
],
"id": "CVE-2024-39591",
"lastModified": "2024-09-12T13:29:47.207",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cna@sap.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-13T05:15:13.347",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required"
],
"url": "https://me.sap.com/notes/3477423"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://url.sap/sapsecuritypatchday"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "cna@sap.com",
"type": "Primary"
}
]
}