CVE-2024-37176 (GCVE-0-2024-37176)
Vulnerability from cvelistv5 – Published: 2024-06-11 02:14 – Updated: 2024-08-02 03:50
VLAI
Title
Missing Authorization check in SAP BW/4HANA Transformation and DTP
Summary
SAP BW/4HANA Transformation and Data Transfer
Process (DTP) allows an authenticated attacker to gain higher access levels
than they should have by exploiting improper authorization checks. This results
in escalation of privileges. It has no impact on the confidentiality of data
but may have low impacts on the integrity and availability of the application.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
Impacted products
15 products
| Vendor | Product | Version | |
|---|---|---|---|
| SAP_SE | SAP BW/4HANA Transformation and Data Transfer Process |
Affected:
DW4CORE 200
Affected: 300 Affected: 400 Affected: 796 Affected: SAP_BW 740 Affected: 750 Affected: 751 Affected: 752 Affected: 753 Affected: 754 Affected: 755 Affected: 756 Affected: 757 Affected: 758 |
|
| sap_se | sap_bw_4hana |
Affected:
dw4core200
cpe:2.3:a:sap_se:sap_bw_4hana:dw4core200:*:*:*:*:*:*:* |
|
| sap_se | sap_bw_4hana |
Affected:
300
cpe:2.3:a:sap_se:sap_bw_4hana:300:*:*:*:*:*:*:* |
|
| sap_se | sap_bw_4hana |
Affected:
400
cpe:2.3:a:sap_se:sap_bw_4hana:400:*:*:*:*:*:*:* |
|
| sap_se | sap_bw_4hana |
Affected:
796
cpe:2.3:a:sap_se:sap_bw_4hana:796:*:*:*:*:*:*:* |
|
| sap_se | sap_bw_4hana |
Affected:
sap_bw_740
cpe:2.3:a:sap_se:sap_bw_4hana:sap_bw_740:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
750
cpe:2.3:a:sap_se:sap_bw:750:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
751
cpe:2.3:a:sap_se:sap_bw:751:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
752
cpe:2.3:a:sap_se:sap_bw:752:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
753
cpe:2.3:a:sap_se:sap_bw:753:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
754
cpe:2.3:a:sap_se:sap_bw:754:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
755
cpe:2.3:a:sap_se:sap_bw:755:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
756
cpe:2.3:a:sap_se:sap_bw:756:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
757
cpe:2.3:a:sap_se:sap_bw:757:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
758
cpe:2.3:a:sap_se:sap_bw:758:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw_4hana:dw4core200:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw_4hana",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "dw4core200"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw_4hana:300:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw_4hana",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "300"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw_4hana:400:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw_4hana",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "400"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw_4hana:796:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw_4hana",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "796"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw_4hana:sap_bw_740:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw_4hana",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "sap_bw_740"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:750:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "750"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:751:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "751"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:752:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "752"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:753:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "753"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:754:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "754"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:755:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "755"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:756:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "756"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:757:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "757"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:758:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "758"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T13:51:16.715875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T14:16:58.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:50:54.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://me.sap.com/notes/3465455"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP BW/4HANA Transformation and Data Transfer Process",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "DW4CORE 200"
},
{
"status": "affected",
"version": "300"
},
{
"status": "affected",
"version": "400"
},
{
"status": "affected",
"version": "796"
},
{
"status": "affected",
"version": "SAP_BW 740"
},
{
"status": "affected",
"version": "750"
},
{
"status": "affected",
"version": "751"
},
{
"status": "affected",
"version": "752"
},
{
"status": "affected",
"version": "753"
},
{
"status": "affected",
"version": "754"
},
{
"status": "affected",
"version": "755"
},
{
"status": "affected",
"version": "756"
},
{
"status": "affected",
"version": "757"
},
{
"status": "affected",
"version": "758"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SAP BW/4HANA Transformation and Data Transfer\nProcess (DTP) allows an authenticated attacker to gain higher access levels\nthan they should have by exploiting improper authorization checks. This results\nin escalation of privileges. It has no impact on the confidentiality of data\nbut may have low impacts on the integrity and availability of the application.\n\n\n\n"
}
],
"value": "SAP BW/4HANA Transformation and Data Transfer\nProcess (DTP) allows an authenticated attacker to gain higher access levels\nthan they should have by exploiting improper authorization checks. This results\nin escalation of privileges. It has no impact on the confidentiality of data\nbut may have low impacts on the integrity and availability of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T02:14:45.656Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3465455"
},
{
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authorization check in SAP BW/4HANA Transformation and DTP",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-37176",
"datePublished": "2024-06-11T02:14:45.656Z",
"dateReserved": "2024-06-04T07:49:42.492Z",
"dateUpdated": "2024-08-02T03:50:54.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-37176",
"date": "2026-07-08",
"epss": "0.00276",
"percentile": "0.19472"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:bw\\\\/4hana:300:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CCF4C28-1C0B-43C3-A870-C30F53BCAA2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:bw\\\\/4hana:400:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"75EF2D12-866D-4AA5-A5C7-28CC069CABC4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:bw\\\\/4hana:750:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F5A41E1-1F2A-4EF4-A275-B6FD5D48D457\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:bw\\\\/4hana:751:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"212EBCB5-D90A-4240-BAFE-396AC8EA5673\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:bw\\\\/4hana:752:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"563665A1-2517-46BA-A922-FF30C039DFA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:bw\\\\/4hana:753:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1FE07CA-8391-4E1C-ADF1-47D0E095522C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:bw\\\\/4hana:754:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A30A302-C5A3-4A8C-BA8B-94EA32FF5CB2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:bw\\\\/4hana:755:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1567AA0-84D6-4B33-AF74-131FF99E7B0C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:bw\\\\/4hana:756:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40B22479-CDB1-4816-9F6C-B9E8F20C530E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:bw\\\\/4hana:757:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D0D0D15-86ED-417D-9D09-4355D5C9AD5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:bw\\\\/4hana:758:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DA8F2E8-343D-4C62-B5DE-7F8714387AED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:bw\\\\/4hana:796:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"479ED325-5872-4E26-8F53-975F0F5580CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:bw\\\\/4hana:dw4core_200:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1163D7AA-77D0-4949-8022-1D275FC0EB03\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:bw\\\\/4hana:sap_bw_740:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BF1CD75-09C0-4807-A066-F729B663697A\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"SAP BW/4HANA Transformation and Data Transfer\\nProcess (DTP) allows an authenticated attacker to gain higher access levels\\nthan they should have by exploiting improper authorization checks. This results\\nin escalation of privileges. It has no impact on the confidentiality of data\\nbut may have low impacts on the integrity and availability of the application.\"}, {\"lang\": \"es\", \"value\": \"El proceso de transformaci\\u00f3n y transferencia de datos (DTP) de SAP BW/4HANA permite que un atacante autenticado obtenga niveles de acceso m\\u00e1s altos de los que deber\\u00eda tener al explotar controles de autorizaci\\u00f3n inadecuados. Esto da como resultado una escalada de privilegios. No tiene ning\\u00fan impacto en la confidencialidad de los datos, pero puede tener impactos bajos en la integridad y disponibilidad de la aplicaci\\u00f3n.\"}]",
"id": "CVE-2024-37176",
"lastModified": "2024-11-21T09:23:21.937",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"cna@sap.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.5}]}",
"published": "2024-06-11T03:15:12.020",
"references": "[{\"url\": \"https://me.sap.com/notes/3465455\", \"source\": \"cna@sap.com\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html\", \"source\": \"cna@sap.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://me.sap.com/notes/3465455\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"cna@sap.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-862\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-37176\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2024-06-11T03:15:12.020\",\"lastModified\":\"2026-06-17T07:37:53.940\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SAP BW/4HANA Transformation and Data Transfer\\nProcess (DTP) allows an authenticated attacker to gain higher access levels\\nthan they should have by exploiting improper authorization checks. This results\\nin escalation of privileges. It has no impact on the confidentiality of data\\nbut may have low impacts on the integrity and availability of the application.\"},{\"lang\":\"es\",\"value\":\"El proceso de transformaci\u00f3n y transferencia de datos (DTP) de SAP BW/4HANA permite que un atacante autenticado obtenga niveles de acceso m\u00e1s altos de los que deber\u00eda tener al explotar controles de autorizaci\u00f3n inadecuados. Esto da como resultado una escalada de privilegios. No tiene ning\u00fan impacto en la confidencialidad de los datos, pero puede tener impactos bajos en la integridad y disponibilidad de la aplicaci\u00f3n.\"}],\"affected\":[{\"source\":\"cna@sap.com\",\"affectedData\":[{\"vendor\":\"SAP_SE\",\"product\":\"SAP BW/4HANA Transformation and Data Transfer Process\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"DW4CORE 200\",\"status\":\"affected\"},{\"version\":\"300\",\"status\":\"affected\"},{\"version\":\"400\",\"status\":\"affected\"},{\"version\":\"796\",\"status\":\"affected\"},{\"version\":\"SAP_BW 740\",\"status\":\"affected\"},{\"version\":\"750\",\"status\":\"affected\"},{\"version\":\"751\",\"status\":\"affected\"},{\"version\":\"752\",\"status\":\"affected\"},{\"version\":\"753\",\"status\":\"affected\"},{\"version\":\"754\",\"status\":\"affected\"},{\"version\":\"755\",\"status\":\"affected\"},{\"version\":\"756\",\"status\":\"affected\"},{\"version\":\"757\",\"status\":\"affected\"},{\"version\":\"758\",\"status\":\"affected\"}]}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"affectedData\":[{\"vendor\":\"sap_se\",\"product\":\"sap_bw_4hana\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:sap_se:sap_bw_4hana:dw4core200:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"dw4core200\",\"status\":\"affected\"}]},{\"vendor\":\"sap_se\",\"product\":\"sap_bw_4hana\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:sap_se:sap_bw_4hana:300:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"300\",\"status\":\"affected\"}]},{\"vendor\":\"sap_se\",\"product\":\"sap_bw_4hana\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:sap_se:sap_bw_4hana:400:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"400\",\"status\":\"affected\"}]},{\"vendor\":\"sap_se\",\"product\":\"sap_bw_4hana\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:sap_se:sap_bw_4hana:796:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"796\",\"status\":\"affected\"}]},{\"vendor\":\"sap_se\",\"product\":\"sap_bw_4hana\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:sap_se:sap_bw_4hana:sap_bw_740:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"sap_bw_740\",\"status\":\"affected\"}]},{\"vendor\":\"sap_se\",\"product\":\"sap_bw\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:sap_se:sap_bw:750:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"750\",\"status\":\"affected\"}]},{\"vendor\":\"sap_se\",\"product\":\"sap_bw\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:sap_se:sap_bw:751:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"751\",\"status\":\"affected\"}]},{\"vendor\":\"sap_se\",\"product\":\"sap_bw\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:sap_se:sap_bw:752:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"752\",\"status\":\"affected\"}]},{\"vendor\":\"sap_se\",\"product\":\"sap_bw\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:sap_se:sap_bw:753:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"753\",\"status\":\"affected\"}]},{\"vendor\":\"sap_se\",\"product\":\"sap_bw\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:sap_se:sap_bw:754:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"754\",\"status\":\"affected\"}]},{\"vendor\":\"sap_se\",\"product\":\"sap_bw\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:sap_se:sap_bw:755:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"755\",\"status\":\"affected\"}]},{\"vendor\":\"sap_se\",\"product\":\"sap_bw\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:sap_se:sap_bw:756:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"756\",\"status\":\"affected\"}]},{\"vendor\":\"sap_se\",\"product\":\"sap_bw\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:sap_se:sap_bw:757:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"757\",\"status\":\"affected\"}]},{\"vendor\":\"sap_se\",\"product\":\"sap_bw\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:sap_se:sap_bw:758:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"758\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@sap.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-06-11T13:51:16.715875Z\",\"id\":\"CVE-2024-37176\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"cna@sap.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:bw\\\\/4hana:300:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CCF4C28-1C0B-43C3-A870-C30F53BCAA2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:bw\\\\/4hana:400:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75EF2D12-866D-4AA5-A5C7-28CC069CABC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:bw\\\\/4hana:750:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F5A41E1-1F2A-4EF4-A275-B6FD5D48D457\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:bw\\\\/4hana:751:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"212EBCB5-D90A-4240-BAFE-396AC8EA5673\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:bw\\\\/4hana:752:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"563665A1-2517-46BA-A922-FF30C039DFA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:bw\\\\/4hana:753:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1FE07CA-8391-4E1C-ADF1-47D0E095522C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:bw\\\\/4hana:754:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A30A302-C5A3-4A8C-BA8B-94EA32FF5CB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:bw\\\\/4hana:755:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1567AA0-84D6-4B33-AF74-131FF99E7B0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:bw\\\\/4hana:756:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40B22479-CDB1-4816-9F6C-B9E8F20C530E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:bw\\\\/4hana:757:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D0D0D15-86ED-417D-9D09-4355D5C9AD5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:bw\\\\/4hana:758:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DA8F2E8-343D-4C62-B5DE-7F8714387AED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:bw\\\\/4hana:796:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"479ED325-5872-4E26-8F53-975F0F5580CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:bw\\\\/4hana:dw4core_200:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1163D7AA-77D0-4949-8022-1D275FC0EB03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:bw\\\\/4hana:sap_bw_740:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BF1CD75-09C0-4807-A066-F729B663697A\"}]}]}],\"references\":[{\"url\":\"https://me.sap.com/notes/3465455\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html\",\"source\":\"cna@sap.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://me.sap.com/notes/3465455\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://me.sap.com/notes/3465455\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T03:50:54.783Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-37176\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-11T13:51:16.715875Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:sap_se:sap_bw_4hana:dw4core200:*:*:*:*:*:*:*\"], \"vendor\": \"sap_se\", \"product\": \"sap_bw_4hana\", \"versions\": [{\"status\": \"affected\", \"version\": \"dw4core200\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:sap_se:sap_bw_4hana:300:*:*:*:*:*:*:*\"], \"vendor\": \"sap_se\", \"product\": \"sap_bw_4hana\", \"versions\": [{\"status\": \"affected\", \"version\": \"300\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:sap_se:sap_bw_4hana:400:*:*:*:*:*:*:*\"], \"vendor\": \"sap_se\", \"product\": \"sap_bw_4hana\", \"versions\": [{\"status\": \"affected\", \"version\": \"400\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:sap_se:sap_bw_4hana:796:*:*:*:*:*:*:*\"], \"vendor\": \"sap_se\", \"product\": \"sap_bw_4hana\", \"versions\": [{\"status\": \"affected\", \"version\": \"796\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:sap_se:sap_bw_4hana:sap_bw_740:*:*:*:*:*:*:*\"], \"vendor\": \"sap_se\", \"product\": \"sap_bw_4hana\", \"versions\": [{\"status\": \"affected\", \"version\": \"sap_bw_740\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:sap_se:sap_bw:750:*:*:*:*:*:*:*\"], \"vendor\": \"sap_se\", \"product\": \"sap_bw\", \"versions\": [{\"status\": \"affected\", \"version\": \"750\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:sap_se:sap_bw:751:*:*:*:*:*:*:*\"], \"vendor\": \"sap_se\", \"product\": \"sap_bw\", \"versions\": [{\"status\": \"affected\", \"version\": \"751\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:sap_se:sap_bw:752:*:*:*:*:*:*:*\"], \"vendor\": \"sap_se\", \"product\": \"sap_bw\", \"versions\": [{\"status\": \"affected\", \"version\": \"752\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:sap_se:sap_bw:753:*:*:*:*:*:*:*\"], \"vendor\": \"sap_se\", \"product\": \"sap_bw\", \"versions\": [{\"status\": \"affected\", \"version\": \"753\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:sap_se:sap_bw:754:*:*:*:*:*:*:*\"], \"vendor\": \"sap_se\", \"product\": \"sap_bw\", \"versions\": [{\"status\": \"affected\", \"version\": \"754\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:sap_se:sap_bw:755:*:*:*:*:*:*:*\"], \"vendor\": \"sap_se\", \"product\": \"sap_bw\", \"versions\": [{\"status\": \"affected\", \"version\": \"755\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:sap_se:sap_bw:756:*:*:*:*:*:*:*\"], \"vendor\": \"sap_se\", \"product\": \"sap_bw\", \"versions\": [{\"status\": \"affected\", \"version\": \"756\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:sap_se:sap_bw:757:*:*:*:*:*:*:*\"], \"vendor\": \"sap_se\", \"product\": \"sap_bw\", \"versions\": [{\"status\": \"affected\", \"version\": \"757\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:sap_se:sap_bw:758:*:*:*:*:*:*:*\"], \"vendor\": \"sap_se\", \"product\": \"sap_bw\", \"versions\": [{\"status\": \"affected\", \"version\": \"758\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-11T13:56:48.247Z\"}}], \"cna\": {\"title\": \"Missing Authorization check in SAP BW/4HANA Transformation and DTP\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SAP_SE\", \"product\": \"SAP BW/4HANA Transformation and Data Transfer Process\", \"versions\": [{\"status\": \"affected\", \"version\": \"DW4CORE 200\"}, {\"status\": \"affected\", \"version\": \"300\"}, {\"status\": \"affected\", \"version\": \"400\"}, {\"status\": \"affected\", \"version\": \"796\"}, {\"status\": \"affected\", \"version\": \"SAP_BW 740\"}, {\"status\": \"affected\", \"version\": \"750\"}, {\"status\": \"affected\", \"version\": \"751\"}, {\"status\": \"affected\", \"version\": \"752\"}, {\"status\": \"affected\", \"version\": \"753\"}, {\"status\": \"affected\", \"version\": \"754\"}, {\"status\": \"affected\", \"version\": \"755\"}, {\"status\": \"affected\", \"version\": \"756\"}, {\"status\": \"affected\", \"version\": \"757\"}, {\"status\": \"affected\", \"version\": \"758\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://me.sap.com/notes/3465455\"}, {\"url\": \"https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"SAP BW/4HANA Transformation and Data Transfer\\nProcess (DTP) allows an authenticated attacker to gain higher access levels\\nthan they should have by exploiting improper authorization checks. This results\\nin escalation of privileges. It has no impact on the confidentiality of data\\nbut may have low impacts on the integrity and availability of the application.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"SAP BW/4HANA Transformation and Data Transfer\\nProcess (DTP) allows an authenticated attacker to gain higher access levels\\nthan they should have by exploiting improper authorization checks. This results\\nin escalation of privileges. It has no impact on the confidentiality of data\\nbut may have low impacts on the integrity and availability of the application.\\n\\n\\n\\n\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-862\", \"description\": \"CWE-862: Missing Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"e4686d1a-f260-4930-ac4c-2f5c992778dd\", \"shortName\": \"sap\", \"dateUpdated\": \"2024-06-11T02:14:45.656Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-37176\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T03:50:54.783Z\", \"dateReserved\": \"2024-06-04T07:49:42.492Z\", \"assignerOrgId\": \"e4686d1a-f260-4930-ac4c-2f5c992778dd\", \"datePublished\": \"2024-06-11T02:14:45.656Z\", \"assignerShortName\": \"sap\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…