Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-41729 (GCVE-0-2024-41729)
Vulnerability from cvelistv5 – Published: 2024-09-10 02:33 – Updated: 2024-09-10 14:05
VLAI?
EPSS
Summary
Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.
Severity ?
4.3 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP NetWeaver BW (BEx Analyzer) |
Affected:
DW4CORE 200
Affected: DW4CORE 300 Affected: DW4CORE 400 Affected: SAP_BW 700 Affected: SAP_BW 701 Affected: SAP_BW 702 Affected: SAP_BW 731 Affected: SAP_BW 740 Affected: SAP_BW 750 Affected: SAP_BW 751 Affected: SAP_BW 752 Affected: SAP_BW 753 Affected: SAP_BW 754 Affected: SAP_BW 755 Affected: SAP_BW 756 Affected: SAP_BW 757 Affected: SAP_BW 758 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41729",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T14:05:27.673500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T14:05:36.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver BW (BEx Analyzer)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "DW4CORE 200"
},
{
"status": "affected",
"version": "DW4CORE 300"
},
{
"status": "affected",
"version": "DW4CORE 400"
},
{
"status": "affected",
"version": "SAP_BW 700"
},
{
"status": "affected",
"version": "SAP_BW 701"
},
{
"status": "affected",
"version": "SAP_BW 702"
},
{
"status": "affected",
"version": "SAP_BW 731"
},
{
"status": "affected",
"version": "SAP_BW 740"
},
{
"status": "affected",
"version": "SAP_BW 750"
},
{
"status": "affected",
"version": "SAP_BW 751"
},
{
"status": "affected",
"version": "SAP_BW 752"
},
{
"status": "affected",
"version": "SAP_BW 753"
},
{
"status": "affected",
"version": "SAP_BW 754"
},
{
"status": "affected",
"version": "SAP_BW 755"
},
{
"status": "affected",
"version": "SAP_BW 756"
},
{
"status": "affected",
"version": "SAP_BW 757"
},
{
"status": "affected",
"version": "SAP_BW 758"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDue to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.\u003c/p\u003e"
}
],
"value": "Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "eng",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T02:33:32.937Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3481588"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information Disclosure vulnerability in the SAP NetWeaver BW (BEx Analyzer)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-41729",
"datePublished": "2024-09-10T02:33:32.937Z",
"dateReserved": "2024-07-22T08:06:52.675Z",
"dateUpdated": "2024-09-10T14:05:36.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.\"}, {\"lang\": \"es\", \"value\": \"Debido a la falta de comprobaciones de autorizaci\\u00f3n, SAP BEx Analyzer permite que un atacante autenticado acceda a informaci\\u00f3n a trav\\u00e9s de la red que, de otro modo, estar\\u00eda restringida. Si la explotaci\\u00f3n es exitosa, el atacante puede enumerar informaci\\u00f3n, lo que provoca un impacto limitado en la confidencialidad de la aplicaci\\u00f3n.\"}]",
"id": "CVE-2024-41729",
"lastModified": "2024-09-10T12:09:50.377",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"cna@sap.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}]}",
"published": "2024-09-10T03:15:02.033",
"references": "[{\"url\": \"https://me.sap.com/notes/3481588\", \"source\": \"cna@sap.com\"}, {\"url\": \"https://url.sap/sapsecuritypatchday\", \"source\": \"cna@sap.com\"}]",
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"cna@sap.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-359\"}, {\"lang\": \"en\", \"value\": \"CWE-862\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-41729\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2024-09-10T03:15:02.033\",\"lastModified\":\"2024-09-10T12:09:50.377\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.\"},{\"lang\":\"es\",\"value\":\"Debido a la falta de comprobaciones de autorizaci\u00f3n, SAP BEx Analyzer permite que un atacante autenticado acceda a informaci\u00f3n a trav\u00e9s de la red que, de otro modo, estar\u00eda restringida. Si la explotaci\u00f3n es exitosa, el atacante puede enumerar informaci\u00f3n, lo que provoca un impacto limitado en la confidencialidad de la aplicaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@sap.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"cna@sap.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-359\"},{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"references\":[{\"url\":\"https://me.sap.com/notes/3481588\",\"source\":\"cna@sap.com\"},{\"url\":\"https://url.sap/sapsecuritypatchday\",\"source\":\"cna@sap.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-41729\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T14:05:27.673500Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-10T14:05:32.500Z\"}}], \"cna\": {\"title\": \"Information Disclosure vulnerability in the SAP NetWeaver BW (BEx Analyzer)\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SAP_SE\", \"product\": \"SAP NetWeaver BW (BEx Analyzer)\", \"versions\": [{\"status\": \"affected\", \"version\": \"DW4CORE 200\"}, {\"status\": \"affected\", \"version\": \"DW4CORE 300\"}, {\"status\": \"affected\", \"version\": \"DW4CORE 400\"}, {\"status\": \"affected\", \"version\": \"SAP_BW 700\"}, {\"status\": \"affected\", \"version\": \"SAP_BW 701\"}, {\"status\": \"affected\", \"version\": \"SAP_BW 702\"}, {\"status\": \"affected\", \"version\": \"SAP_BW 731\"}, {\"status\": \"affected\", \"version\": \"SAP_BW 740\"}, {\"status\": \"affected\", \"version\": \"SAP_BW 750\"}, {\"status\": \"affected\", \"version\": \"SAP_BW 751\"}, {\"status\": \"affected\", \"version\": \"SAP_BW 752\"}, {\"status\": \"affected\", \"version\": \"SAP_BW 753\"}, {\"status\": \"affected\", \"version\": \"SAP_BW 754\"}, {\"status\": \"affected\", \"version\": \"SAP_BW 755\"}, {\"status\": \"affected\", \"version\": \"SAP_BW 756\"}, {\"status\": \"affected\", \"version\": \"SAP_BW 757\"}, {\"status\": \"affected\", \"version\": \"SAP_BW 758\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://me.sap.com/notes/3481588\"}, {\"url\": \"https://url.sap/sapsecuritypatchday\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eDue to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"eng\", \"type\": \"CWE\", \"cweId\": \"CWE-359\", \"description\": \"CWE-359: Exposure of Private Personal Information to an Unauthorized Actor\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-862\", \"description\": \"CWE-862: Missing Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"e4686d1a-f260-4930-ac4c-2f5c992778dd\", \"shortName\": \"sap\", \"dateUpdated\": \"2024-09-10T02:33:32.937Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-41729\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-10T14:05:36.468Z\", \"dateReserved\": \"2024-07-22T08:06:52.675Z\", \"assignerOrgId\": \"e4686d1a-f260-4930-ac4c-2f5c992778dd\", \"datePublished\": \"2024-09-10T02:33:32.937Z\", \"assignerShortName\": \"sap\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
WID-SEC-W-2024-2086
Vulnerability from csaf_certbund - Published: 2024-09-09 22:00 - Updated: 2024-09-09 22:00Summary
SAP Patchday September 2024
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
SAP stellt unternehmensweite Lösungen für Geschäftsprozesse wie Buchführung, Vertrieb, Einkauf und Lagerhaltung zur Verfügung.
Angriff
Ein Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "SAP stellt unternehmensweite L\u00f6sungen f\u00fcr Gesch\u00e4ftsprozesse wie Buchf\u00fchrung, Vertrieb, Einkauf und Lagerhaltung zur Verf\u00fcgung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-2086 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2086.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-2086 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2086"
},
{
"category": "external",
"summary": "SAP Security Patch Day \u2013 September 2024 vom 2024-09-09",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2024.html"
}
],
"source_lang": "en-US",
"title": "SAP Patchday September 2024",
"tracking": {
"current_release_date": "2024-09-09T22:00:00.000+00:00",
"generator": {
"date": "2024-09-10T10:03:41.307+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.6"
}
},
"id": "WID-SEC-W-2024-2086",
"initial_release_date": "2024-09-09T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-09-09T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "SAP Software",
"product": {
"name": "SAP Software",
"product_id": "T031077",
"product_identification_helper": {
"cpe": "cpe:/a:sap:sap:-"
}
}
}
],
"category": "vendor",
"name": "SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-3587",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2013-3587"
},
{
"cve": "CVE-2022-0778",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2022-0778"
},
{
"cve": "CVE-2023-0215",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2023-0215"
},
{
"cve": "CVE-2023-0286",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2023-0286"
},
{
"cve": "CVE-2024-33003",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-33003"
},
{
"cve": "CVE-2024-41728",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-41728"
},
{
"cve": "CVE-2024-41729",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-41729"
},
{
"cve": "CVE-2024-41730",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-41730"
},
{
"cve": "CVE-2024-42371",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-42371"
},
{
"cve": "CVE-2024-42378",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-42378"
},
{
"cve": "CVE-2024-42380",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-42380"
},
{
"cve": "CVE-2024-44112",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44112"
},
{
"cve": "CVE-2024-44113",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44113"
},
{
"cve": "CVE-2024-44114",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44114"
},
{
"cve": "CVE-2024-44115",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44115"
},
{
"cve": "CVE-2024-44116",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44116"
},
{
"cve": "CVE-2024-44117",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44117"
},
{
"cve": "CVE-2024-44120",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44120"
},
{
"cve": "CVE-2024-44121",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44121"
},
{
"cve": "CVE-2024-45279",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45279"
},
{
"cve": "CVE-2024-45280",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45280"
},
{
"cve": "CVE-2024-45281",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45281"
},
{
"cve": "CVE-2024-45283",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45283"
},
{
"cve": "CVE-2024-45284",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45284"
},
{
"cve": "CVE-2024-45285",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45285"
},
{
"cve": "CVE-2024-45286",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45286"
}
]
}
WID-SEC-W-2024-3093
Vulnerability from csaf_certbund - Published: 2024-10-07 22:00 - Updated: 2024-10-07 22:00Summary
SAP Software: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
SAP stellt unternehmensweite Lösungen für Geschäftsprozesse wie Buchführung, Vertrieb, Einkauf und Lagerhaltung zur Verfügung.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen preiszugeben, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen und einen Denial-of-Service-Zustand zu erzeugen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "SAP stellt unternehmensweite L\u00f6sungen f\u00fcr Gesch\u00e4ftsprozesse wie Buchf\u00fchrung, Vertrieb, Einkauf und Lagerhaltung zur Verf\u00fcgung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen preiszugeben, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und einen Denial-of-Service-Zustand zu erzeugen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3093 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3093.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3093 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3093"
},
{
"category": "external",
"summary": "SAP Security Patch Day \u2013 October 2024 vom 2024-10-07",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2024.html"
}
],
"source_lang": "en-US",
"title": "SAP Software: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-10-07T22:00:00.000+00:00",
"generator": {
"date": "2024-10-08T08:11:29.115+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-3093",
"initial_release_date": "2024-10-07T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-10-07T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "SAP Software",
"product": {
"name": "SAP Software",
"product_id": "T038023",
"product_identification_helper": {
"cpe": "cpe:/a:sap:sap:-"
}
}
}
],
"category": "vendor",
"name": "SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-23302",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler bestehen in verschiedenen Komponenten wie NetWeaver, SAP HANA oder der BusinessObjects Business Intelligence Platform, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung oder einer unsachgem\u00e4\u00dfen Eingabevalidierung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen preiszugeben, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038023"
]
},
"release_date": "2024-10-07T22:00:00.000+00:00",
"title": "CVE-2022-23302"
},
{
"cve": "CVE-2024-37179",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler bestehen in verschiedenen Komponenten wie NetWeaver, SAP HANA oder der BusinessObjects Business Intelligence Platform, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung oder einer unsachgem\u00e4\u00dfen Eingabevalidierung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen preiszugeben, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038023"
]
},
"release_date": "2024-10-07T22:00:00.000+00:00",
"title": "CVE-2024-37179"
},
{
"cve": "CVE-2024-37180",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler bestehen in verschiedenen Komponenten wie NetWeaver, SAP HANA oder der BusinessObjects Business Intelligence Platform, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung oder einer unsachgem\u00e4\u00dfen Eingabevalidierung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen preiszugeben, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038023"
]
},
"release_date": "2024-10-07T22:00:00.000+00:00",
"title": "CVE-2024-37180"
},
{
"cve": "CVE-2024-39592",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler bestehen in verschiedenen Komponenten wie NetWeaver, SAP HANA oder der BusinessObjects Business Intelligence Platform, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung oder einer unsachgem\u00e4\u00dfen Eingabevalidierung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen preiszugeben, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038023"
]
},
"release_date": "2024-10-07T22:00:00.000+00:00",
"title": "CVE-2024-39592"
},
{
"cve": "CVE-2024-41729",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler bestehen in verschiedenen Komponenten wie NetWeaver, SAP HANA oder der BusinessObjects Business Intelligence Platform, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung oder einer unsachgem\u00e4\u00dfen Eingabevalidierung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen preiszugeben, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038023"
]
},
"release_date": "2024-10-07T22:00:00.000+00:00",
"title": "CVE-2024-41729"
},
{
"cve": "CVE-2024-41730",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler bestehen in verschiedenen Komponenten wie NetWeaver, SAP HANA oder der BusinessObjects Business Intelligence Platform, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung oder einer unsachgem\u00e4\u00dfen Eingabevalidierung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen preiszugeben, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038023"
]
},
"release_date": "2024-10-07T22:00:00.000+00:00",
"title": "CVE-2024-41730"
},
{
"cve": "CVE-2024-42373",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler bestehen in verschiedenen Komponenten wie NetWeaver, SAP HANA oder der BusinessObjects Business Intelligence Platform, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung oder einer unsachgem\u00e4\u00dfen Eingabevalidierung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen preiszugeben, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038023"
]
},
"release_date": "2024-10-07T22:00:00.000+00:00",
"title": "CVE-2024-42373"
},
{
"cve": "CVE-2024-45277",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler bestehen in verschiedenen Komponenten wie NetWeaver, SAP HANA oder der BusinessObjects Business Intelligence Platform, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung oder einer unsachgem\u00e4\u00dfen Eingabevalidierung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen preiszugeben, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038023"
]
},
"release_date": "2024-10-07T22:00:00.000+00:00",
"title": "CVE-2024-45277"
},
{
"cve": "CVE-2024-45278",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler bestehen in verschiedenen Komponenten wie NetWeaver, SAP HANA oder der BusinessObjects Business Intelligence Platform, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung oder einer unsachgem\u00e4\u00dfen Eingabevalidierung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen preiszugeben, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038023"
]
},
"release_date": "2024-10-07T22:00:00.000+00:00",
"title": "CVE-2024-45278"
},
{
"cve": "CVE-2024-45282",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler bestehen in verschiedenen Komponenten wie NetWeaver, SAP HANA oder der BusinessObjects Business Intelligence Platform, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung oder einer unsachgem\u00e4\u00dfen Eingabevalidierung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen preiszugeben, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038023"
]
},
"release_date": "2024-10-07T22:00:00.000+00:00",
"title": "CVE-2024-45282"
},
{
"cve": "CVE-2024-45283",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler bestehen in verschiedenen Komponenten wie NetWeaver, SAP HANA oder der BusinessObjects Business Intelligence Platform, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung oder einer unsachgem\u00e4\u00dfen Eingabevalidierung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen preiszugeben, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038023"
]
},
"release_date": "2024-10-07T22:00:00.000+00:00",
"title": "CVE-2024-45283"
},
{
"cve": "CVE-2024-47594",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler bestehen in verschiedenen Komponenten wie NetWeaver, SAP HANA oder der BusinessObjects Business Intelligence Platform, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung oder einer unsachgem\u00e4\u00dfen Eingabevalidierung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen preiszugeben, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T038023"
]
},
"release_date": "2024-10-07T22:00:00.000+00:00",
"title": "CVE-2024-47594"
}
]
}
GHSA-57V4-696X-63W9
Vulnerability from github – Published: 2024-09-10 03:31 – Updated: 2024-09-10 03:31
VLAI?
Details
Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.
Severity ?
4.3 (Medium)
{
"affected": [],
"aliases": [
"CVE-2024-41729"
],
"database_specific": {
"cwe_ids": [
"CWE-359"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-10T03:15:02Z",
"severity": "MODERATE"
},
"details": "Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.",
"id": "GHSA-57v4-696x-63w9",
"modified": "2024-09-10T03:31:31Z",
"published": "2024-09-10T03:31:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41729"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3481588"
},
{
"type": "WEB",
"url": "https://url.sap/sapsecuritypatchday"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
NCSC-2024-0378
Vulnerability from csaf_ncscnl - Published: 2024-09-19 11:37 - Updated: 2024-09-19 11:37Summary
Kwetsbaarheden verholpen in SAP producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
SAP heeft kwetsbaarheden verholpen in diverse producten, zoals SAP, Business Warehouse, NetWeaver, HANA, Business Objects en Commerce.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Cross-Site Scripting (XSS)
- Omzeilen van authenticatie
- Omzeilen van beveiligingsmaatregel
- Uitvoer van willekeurige code (gebruikersrechten)
- Toegang tot gevoelige gegevens
Oplossingen
SAP heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CWE-213
Exposure of Sensitive Information Due to Incompatible Policies
CWE-426
Untrusted Search Path
CWE-256
Plaintext Storage of a Password
CWE-325
Missing Cryptographic Step
CWE-862
Missing Authorization
CWE-863
Incorrect Authorization
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "SAP heeft kwetsbaarheden verholpen in diverse producten, zoals SAP, Business Warehouse, NetWeaver, HANA, Business Objects en Commerce.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Cross-Site Scripting (XSS)\n- Omzeilen van authenticatie\n- Omzeilen van beveiligingsmaatregel\n- Uitvoer van willekeurige code (gebruikersrechten)\n- Toegang tot gevoelige gegevens",
"title": "Interpretaties"
},
{
"category": "description",
"text": "SAP heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Exposure of Private Personal Information to an Unauthorized Actor",
"title": "CWE-359"
},
{
"category": "general",
"text": "Exposure of Sensitive Information Due to Incompatible Policies",
"title": "CWE-213"
},
{
"category": "general",
"text": "Untrusted Search Path",
"title": "CWE-426"
},
{
"category": "general",
"text": "Plaintext Storage of a Password",
"title": "CWE-256"
},
{
"category": "general",
"text": "Missing Cryptographic Step",
"title": "CWE-325"
},
{
"category": "general",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Source - sap",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2024.html"
}
],
"title": "Kwetsbaarheden verholpen in SAP producten",
"tracking": {
"current_release_date": "2024-09-19T11:37:39.757598Z",
"id": "NCSC-2024-0378",
"initial_release_date": "2024-09-19T11:37:39.757598Z",
"revision_history": [
{
"date": "2024-09-19T11:37:39.757598Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1637389",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:dw4core_200:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1637390",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:dw4core_300:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1637391",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:dw4core_400:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496469",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_700:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496470",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_701:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496471",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_702:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496473",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_731:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496474",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_740:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496475",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_750:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496476",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_751:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496477",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_752:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496478",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_753:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496479",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_754:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496480",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_755:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496481",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_756:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496482",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_757:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496483",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_758:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "businessobjects_business_intelligence_platform",
"product": {
"name": "businessobjects_business_intelligence_platform",
"product_id": "CSAFPID-55202",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "commerce_cloud",
"product": {
"name": "commerce_cloud",
"product_id": "CSAFPID-382448",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:commerce_cloud:2211:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-173007",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-173009",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-173010",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-173004",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74446",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74448",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74436",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74454",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74442",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74453",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74434",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74449",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74432",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-340930",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:758:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-1637232",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:912:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1262156",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:700:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1262157",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:701:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1262158",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:702:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1262162",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:731:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1262163",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:740:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1262164",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:750:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1262165",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:751:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1262166",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:752:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1637253",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:75c:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1637250",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:75d:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1637252",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:75e:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1637255",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:75f:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1637254",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:75g:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1637256",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:75h:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1637251",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:75i:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_as_for_java",
"product": {
"name": "netweaver_as_for_java",
"product_id": "CSAFPID-164614",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_as_for_java:7.50:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_as_java",
"product": {
"name": "netweaver_as_java",
"product_id": "CSAFPID-837776",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_as_java:7.50:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637280",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:dw4core_200:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637282",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:dw4core_300:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637278",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:dw4core_400:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637283",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_700:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637284",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_701:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637276",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_702:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637274",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_731:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637287",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_740:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637281",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_750:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637279",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_751:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637273",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_752:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637275",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_753:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637285",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_754:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637288",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_755:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637286",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_756:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637277",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_757:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637272",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_758:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_enterprise_portal",
"product": {
"name": "netweaver_enterprise_portal",
"product_id": "CSAFPID-55577",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_enterprise_portal:7.50:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642792",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:600:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642793",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:602:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642794",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:603:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642795",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:604:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642796",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:605:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642797",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:606:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642798",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:617:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642799",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:618:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642800",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:800:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642801",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:802:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642802",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:803:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642803",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:804:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642804",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:805:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642805",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:806:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642806",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:807:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637374",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:600:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637375",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:602:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637376",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:603:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637377",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:604:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637378",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:605:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637379",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:606:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637380",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:617:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637381",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:618:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637382",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:800:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637383",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:802:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637384",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:803:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637385",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:804:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637386",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:805:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637387",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:806:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637388",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:807:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637261",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_605:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637260",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_606:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637267",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_616:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637266",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_617:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637263",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_618:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637264",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_800:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637265",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_801:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637262",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_802:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637259",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_803:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637257",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_804:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637268",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_805:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637258",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:s4cext_106:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637270",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:s4cext_107:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637269",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:s4cext_108:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap",
"product": {
"name": "sap",
"product_id": "CSAFPID-1498297",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:sap:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1614510",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:617:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1475930",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:618:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1637289",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:800:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1475932",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:802:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1475933",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:803:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1475927",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:804:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1475931",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:805:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1475928",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:806:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1475934",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:807:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1475929",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:808:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "sap"
},
{
"branches": [
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637073",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:dw4core_200:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637074",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:dw4core_300:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637075",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:dw4core_400:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637076",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_700:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637077",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_701:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637078",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_702:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637079",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_731:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637080",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_740:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637081",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_750:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637082",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_751:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637083",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_752:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637084",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_753:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637085",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_754:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637086",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_755:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637087",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_756:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637088",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_757:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637089",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_758:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_businessobjects_business_intelligence_platform",
"product": {
"name": "sap_businessobjects_business_intelligence_platform",
"product_id": "CSAFPID-1464457",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_businessobjects_business_intelligence_platform:430:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637153",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:600:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637154",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:602:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637155",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:603:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637156",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:604:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637157",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:605:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637158",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:606:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637159",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:617:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637160",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:618:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637161",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:800:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637162",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:802:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637163",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:803:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637164",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:804:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637165",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:805:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637166",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:806:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637167",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:807:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637137",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:700:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637138",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:701:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637139",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:702:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637140",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:731:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637141",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:740:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637142",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:750:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637143",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:751:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637144",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:752:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637145",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:75c:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637146",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:75d:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637147",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:75e:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637148",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:75f:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637149",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:75g:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637150",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:75h:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637151",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:75i:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559119",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:700:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559120",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:701:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559121",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:702:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559125",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:731:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559126",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:740:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559127",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:750:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559128",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:751:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559129",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:752:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559130",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:753:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559131",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:754:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559132",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:755:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559133",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:756:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1637090",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:757:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1637091",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:758:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1637092",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:912:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_as_for_java__destination_service_",
"product": {
"name": "sap_netweaver_as_for_java__destination_service_",
"product_id": "CSAFPID-1637194",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_as_for_java__destination_service_:7.50:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_as_java__logon_application_",
"product": {
"name": "sap_netweaver_as_java__logon_application_",
"product_id": "CSAFPID-1637152",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_as_java__logon_application_:7.50:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637093",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:dw4core_200:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637094",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:dw4core_300:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637095",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:dw4core_400:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637096",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_700:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637097",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_701:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637098",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_702:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637099",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_731:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637100",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_740:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637101",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_750:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637102",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_751:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637103",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_752:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637104",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_753:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637105",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_754:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637106",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_755:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637107",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_756:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637108",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_757:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637109",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_758:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_enterprise_portal",
"product": {
"name": "sap_netweaver_enterprise_portal",
"product_id": "CSAFPID-1550602",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_enterprise_portal:7.50:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637171",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_605:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637172",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_606:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637173",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_616:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637174",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_617:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637175",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_618:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637176",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_800:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637177",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_801:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637178",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_802:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637179",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_803:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637180",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_804:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637181",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_805:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637168",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:s4cext_106:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637169",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:s4cext_107:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637170",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:s4cext_108:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4_hana__statutory_reports_",
"product": {
"name": "sap_s_4_hana__statutory_reports_",
"product_id": "CSAFPID-1637136",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4_hana__statutory_reports_:900:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637113",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:s4core_102:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637114",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:s4core_103:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637115",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:s4core_104:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637116",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:s4core_105:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637117",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:s4core_106:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637118",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:s4core_107:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637119",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:s4core_108:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637110",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:sap_appl_606:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637111",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:sap_appl_617:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637112",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:sap_appl_618:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614213",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:617:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614214",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:618:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1637190",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:800:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614215",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:802:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614216",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:803:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614217",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:804:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614218",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:805:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614219",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:806:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614220",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:807:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614221",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:808:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "sap_se"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-3587",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"notes": [
{
"category": "other",
"text": "Missing Cryptographic Step",
"title": "CWE-325"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1498297",
"CSAFPID-382448"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2013-3587",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2013/CVE-2013-3587.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1498297",
"CSAFPID-382448"
]
}
],
"title": "CVE-2013-3587"
},
{
"cve": "CVE-2024-41728",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173007",
"CSAFPID-173009",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41728",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41728.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173007",
"CSAFPID-173009",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-41728"
},
{
"cve": "CVE-2024-41729",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Private Personal Information to an Unauthorized Actor",
"title": "CWE-359"
},
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637093",
"CSAFPID-1637094",
"CSAFPID-1637095",
"CSAFPID-1637096",
"CSAFPID-1637097",
"CSAFPID-1637098",
"CSAFPID-1637099",
"CSAFPID-1637100",
"CSAFPID-1637101",
"CSAFPID-1637102",
"CSAFPID-1637103",
"CSAFPID-1637104",
"CSAFPID-1637105",
"CSAFPID-1637106",
"CSAFPID-1637107",
"CSAFPID-1637108",
"CSAFPID-1637109",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41729",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41729.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637093",
"CSAFPID-1637094",
"CSAFPID-1637095",
"CSAFPID-1637096",
"CSAFPID-1637097",
"CSAFPID-1637098",
"CSAFPID-1637099",
"CSAFPID-1637100",
"CSAFPID-1637101",
"CSAFPID-1637102",
"CSAFPID-1637103",
"CSAFPID-1637104",
"CSAFPID-1637105",
"CSAFPID-1637106",
"CSAFPID-1637107",
"CSAFPID-1637108",
"CSAFPID-1637109",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-41729"
},
{
"cve": "CVE-2024-42371",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173007",
"CSAFPID-173009",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-42371",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42371.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173007",
"CSAFPID-173009",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-42371"
},
{
"cve": "CVE-2024-42378",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637110",
"CSAFPID-1637111",
"CSAFPID-1637112",
"CSAFPID-1637113",
"CSAFPID-1637114",
"CSAFPID-1637115",
"CSAFPID-1637116",
"CSAFPID-1637117",
"CSAFPID-1637118",
"CSAFPID-1637119",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-42378",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42378.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637110",
"CSAFPID-1637111",
"CSAFPID-1637112",
"CSAFPID-1637113",
"CSAFPID-1637114",
"CSAFPID-1637115",
"CSAFPID-1637116",
"CSAFPID-1637117",
"CSAFPID-1637118",
"CSAFPID-1637119",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-42378"
},
{
"cve": "CVE-2024-42380",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74432",
"CSAFPID-173009",
"CSAFPID-340930",
"CSAFPID-173010",
"CSAFPID-74448",
"CSAFPID-74449",
"CSAFPID-74434",
"CSAFPID-1637232",
"CSAFPID-173007",
"CSAFPID-74436",
"CSAFPID-74453",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-42380",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42380.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74432",
"CSAFPID-173009",
"CSAFPID-340930",
"CSAFPID-173010",
"CSAFPID-74448",
"CSAFPID-74449",
"CSAFPID-74434",
"CSAFPID-1637232",
"CSAFPID-173007",
"CSAFPID-74436",
"CSAFPID-74453",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-42380"
},
{
"cve": "CVE-2024-44112",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637153",
"CSAFPID-1637154",
"CSAFPID-1637155",
"CSAFPID-1637156",
"CSAFPID-1637157",
"CSAFPID-1637158",
"CSAFPID-1637159",
"CSAFPID-1637160",
"CSAFPID-1637161",
"CSAFPID-1637162",
"CSAFPID-1637163",
"CSAFPID-1637164",
"CSAFPID-1637165",
"CSAFPID-1637166",
"CSAFPID-1637167",
"CSAFPID-1498297",
"CSAFPID-1642792",
"CSAFPID-1642793",
"CSAFPID-1642794",
"CSAFPID-1642795",
"CSAFPID-1642796",
"CSAFPID-1642797",
"CSAFPID-1642798",
"CSAFPID-1642799",
"CSAFPID-1642800",
"CSAFPID-1642801",
"CSAFPID-1642802",
"CSAFPID-1642803",
"CSAFPID-1642804",
"CSAFPID-1642805",
"CSAFPID-1642806"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44112",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44112.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637153",
"CSAFPID-1637154",
"CSAFPID-1637155",
"CSAFPID-1637156",
"CSAFPID-1637157",
"CSAFPID-1637158",
"CSAFPID-1637159",
"CSAFPID-1637160",
"CSAFPID-1637161",
"CSAFPID-1637162",
"CSAFPID-1637163",
"CSAFPID-1637164",
"CSAFPID-1637165",
"CSAFPID-1637166",
"CSAFPID-1637167",
"CSAFPID-1498297",
"CSAFPID-1642792",
"CSAFPID-1642793",
"CSAFPID-1642794",
"CSAFPID-1642795",
"CSAFPID-1642796",
"CSAFPID-1642797",
"CSAFPID-1642798",
"CSAFPID-1642799",
"CSAFPID-1642800",
"CSAFPID-1642801",
"CSAFPID-1642802",
"CSAFPID-1642803",
"CSAFPID-1642804",
"CSAFPID-1642805",
"CSAFPID-1642806"
]
}
],
"title": "CVE-2024-44112"
},
{
"cve": "CVE-2024-44113",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Private Personal Information to an Unauthorized Actor",
"title": "CWE-359"
},
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637073",
"CSAFPID-1637074",
"CSAFPID-1637075",
"CSAFPID-1637076",
"CSAFPID-1637077",
"CSAFPID-1637078",
"CSAFPID-1637079",
"CSAFPID-1637080",
"CSAFPID-1637081",
"CSAFPID-1637082",
"CSAFPID-1637083",
"CSAFPID-1637084",
"CSAFPID-1637085",
"CSAFPID-1637086",
"CSAFPID-1637087",
"CSAFPID-1637088",
"CSAFPID-1637089",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44113",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44113.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637073",
"CSAFPID-1637074",
"CSAFPID-1637075",
"CSAFPID-1637076",
"CSAFPID-1637077",
"CSAFPID-1637078",
"CSAFPID-1637079",
"CSAFPID-1637080",
"CSAFPID-1637081",
"CSAFPID-1637082",
"CSAFPID-1637083",
"CSAFPID-1637084",
"CSAFPID-1637085",
"CSAFPID-1637086",
"CSAFPID-1637087",
"CSAFPID-1637088",
"CSAFPID-1637089",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-44113"
},
{
"cve": "CVE-2024-44114",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44114",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44114.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-44114"
},
{
"cve": "CVE-2024-44115",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74432",
"CSAFPID-173009",
"CSAFPID-340930",
"CSAFPID-173010",
"CSAFPID-74448",
"CSAFPID-74449",
"CSAFPID-74434",
"CSAFPID-1637232",
"CSAFPID-173007",
"CSAFPID-74436",
"CSAFPID-74453",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44115",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74432",
"CSAFPID-173009",
"CSAFPID-340930",
"CSAFPID-173010",
"CSAFPID-74448",
"CSAFPID-74449",
"CSAFPID-74434",
"CSAFPID-1637232",
"CSAFPID-173007",
"CSAFPID-74436",
"CSAFPID-74453",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-44115"
},
{
"cve": "CVE-2024-44116",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74432",
"CSAFPID-173009",
"CSAFPID-340930",
"CSAFPID-173010",
"CSAFPID-74448",
"CSAFPID-74449",
"CSAFPID-74434",
"CSAFPID-1637232",
"CSAFPID-173007",
"CSAFPID-74436",
"CSAFPID-74453",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44116",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44116.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74432",
"CSAFPID-173009",
"CSAFPID-340930",
"CSAFPID-173010",
"CSAFPID-74448",
"CSAFPID-74449",
"CSAFPID-74434",
"CSAFPID-1637232",
"CSAFPID-173007",
"CSAFPID-74436",
"CSAFPID-74453",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-44116"
},
{
"cve": "CVE-2024-44117",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173007",
"CSAFPID-173009",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44117",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44117.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173007",
"CSAFPID-173009",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-44117"
},
{
"cve": "CVE-2024-44120",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1550602",
"CSAFPID-55577",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44120",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44120.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1550602",
"CSAFPID-55577",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-44120"
},
{
"cve": "CVE-2024-44121",
"cwe": {
"id": "CWE-213",
"name": "Exposure of Sensitive Information Due to Incompatible Policies"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information Due to Incompatible Policies",
"title": "CWE-213"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637136",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44121",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44121.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637136",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-44121"
},
{
"cve": "CVE-2024-45279",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637137",
"CSAFPID-1637138",
"CSAFPID-1637139",
"CSAFPID-1637140",
"CSAFPID-1637141",
"CSAFPID-1637142",
"CSAFPID-1637143",
"CSAFPID-1637144",
"CSAFPID-1637145",
"CSAFPID-1637146",
"CSAFPID-1637147",
"CSAFPID-1637148",
"CSAFPID-1637149",
"CSAFPID-1637150",
"CSAFPID-1637151",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45279",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45279.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637137",
"CSAFPID-1637138",
"CSAFPID-1637139",
"CSAFPID-1637140",
"CSAFPID-1637141",
"CSAFPID-1637142",
"CSAFPID-1637143",
"CSAFPID-1637144",
"CSAFPID-1637145",
"CSAFPID-1637146",
"CSAFPID-1637147",
"CSAFPID-1637148",
"CSAFPID-1637149",
"CSAFPID-1637150",
"CSAFPID-1637151",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-45279"
},
{
"cve": "CVE-2024-45280",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637152",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45280",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45280.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637152",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-45280"
},
{
"cve": "CVE-2024-45281",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"notes": [
{
"category": "other",
"text": "Untrusted Search Path",
"title": "CWE-426"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1464457",
"CSAFPID-55202",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45281",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45281.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1464457",
"CSAFPID-55202",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-45281"
},
{
"cve": "CVE-2024-45283",
"cwe": {
"id": "CWE-256",
"name": "Plaintext Storage of a Password"
},
"notes": [
{
"category": "other",
"text": "Plaintext Storage of a Password",
"title": "CWE-256"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637194",
"CSAFPID-164614",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45283",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45283.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637194",
"CSAFPID-164614",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-45283"
},
{
"cve": "CVE-2024-45284",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1614213",
"CSAFPID-1614214",
"CSAFPID-1637190",
"CSAFPID-1614215",
"CSAFPID-1614216",
"CSAFPID-1614217",
"CSAFPID-1614218",
"CSAFPID-1614219",
"CSAFPID-1614220",
"CSAFPID-1614221",
"CSAFPID-1614510",
"CSAFPID-1475927",
"CSAFPID-1475928",
"CSAFPID-1475929",
"CSAFPID-1475930",
"CSAFPID-1475931",
"CSAFPID-1475932",
"CSAFPID-1475933",
"CSAFPID-1475934",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45284",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45284.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-1614213",
"CSAFPID-1614214",
"CSAFPID-1637190",
"CSAFPID-1614215",
"CSAFPID-1614216",
"CSAFPID-1614217",
"CSAFPID-1614218",
"CSAFPID-1614219",
"CSAFPID-1614220",
"CSAFPID-1614221",
"CSAFPID-1614510",
"CSAFPID-1475927",
"CSAFPID-1475928",
"CSAFPID-1475929",
"CSAFPID-1475930",
"CSAFPID-1475931",
"CSAFPID-1475932",
"CSAFPID-1475933",
"CSAFPID-1475934",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-45284"
},
{
"cve": "CVE-2024-45285",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173007",
"CSAFPID-173009",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45285",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45285.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173007",
"CSAFPID-173009",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-45285"
},
{
"cve": "CVE-2024-45286",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637168",
"CSAFPID-1637169",
"CSAFPID-1637170",
"CSAFPID-1637171",
"CSAFPID-1637172",
"CSAFPID-1637173",
"CSAFPID-1637174",
"CSAFPID-1637175",
"CSAFPID-1637176",
"CSAFPID-1637177",
"CSAFPID-1637178",
"CSAFPID-1637179",
"CSAFPID-1637180",
"CSAFPID-1637181",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45286",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45286.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637168",
"CSAFPID-1637169",
"CSAFPID-1637170",
"CSAFPID-1637171",
"CSAFPID-1637172",
"CSAFPID-1637173",
"CSAFPID-1637174",
"CSAFPID-1637175",
"CSAFPID-1637176",
"CSAFPID-1637177",
"CSAFPID-1637178",
"CSAFPID-1637179",
"CSAFPID-1637180",
"CSAFPID-1637181",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-45286"
}
]
}
CNVD-2024-49632
Vulnerability from cnvd - Published: 2024-12-30
VLAI Severity ?
Title
SAP NetWeaver授权问题漏洞(CNVD-2024-49632)
Description
SAP NetWeaver是德国思爱普(SAP)公司的一套面向服务的集成化应用平台。该平台主要为SAP应用程序提供开发和运行环境。
SAP NetWeaver存在授权问题漏洞,该漏洞源于缺少授权检查,经过身份验证的攻击者可利用该漏洞通过网络访问信息,否则这些信息将受到限制。
Severity
中
Patch Name
SAP NetWeaver授权问题漏洞(CNVD-2024-49632)的补丁
Patch Description
SAP NetWeaver是德国思爱普(SAP)公司的一套面向服务的集成化应用平台。该平台主要为SAP应用程序提供开发和运行环境。
SAP NetWeaver存在授权问题漏洞,该漏洞源于缺少授权检查,经过身份验证的攻击者可利用该漏洞通过网络访问信息,否则这些信息将受到限制。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2024.html
Reference
https://me.sap.com/notes/3481588
Impacted products
| Name | ['SAP SAP Netweaver DW4CORE 200', 'SAP SAP Netweaver DW4CORE 300', 'SAP SAP Netweaver DW4CORE 400', 'SAP SAP Netweaver SAP_BW 700', 'SAP SAP Netweaver SAP_BW 701', 'SAP SAP Netweaver SAP_BW 702', 'SAP SAP Netweaver SAP_BW 731', 'SAP SAP Netweaver SAP_BW 740', 'SAP SAP Netweaver SAP_BW 750', 'SAP SAP Netweaver SAP_BW 751', 'SAP SAP Netweaver SAP_BW 752', 'SAP SAP Netweaver SAP_BW 753', 'SAP SAP Netweaver SAP_BW 754', 'SAP SAP Netweaver SAP_BW 755', 'SAP SAP Netweaver SAP_BW 756', 'SAP SAP Netweaver SAP_BW 757', 'SAP SAP Netweaver SAP_BW 758'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2024-41729",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-41729"
}
},
"description": "SAP NetWeaver\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u5957\u9762\u5411\u670d\u52a1\u7684\u96c6\u6210\u5316\u5e94\u7528\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u4e3b\u8981\u4e3aSAP\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u5f00\u53d1\u548c\u8fd0\u884c\u73af\u5883\u3002\n\nSAP NetWeaver\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f3a\u5c11\u6388\u6743\u68c0\u67e5\uff0c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7f51\u7edc\u8bbf\u95ee\u4fe1\u606f\uff0c\u5426\u5219\u8fd9\u4e9b\u4fe1\u606f\u5c06\u53d7\u5230\u9650\u5236\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2024.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2024-49632",
"openTime": "2024-12-30",
"patchDescription": "SAP NetWeaver\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u5957\u9762\u5411\u670d\u52a1\u7684\u96c6\u6210\u5316\u5e94\u7528\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u4e3b\u8981\u4e3aSAP\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u5f00\u53d1\u548c\u8fd0\u884c\u73af\u5883\u3002\r\n\r\nSAP NetWeaver\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f3a\u5c11\u6388\u6743\u68c0\u67e5\uff0c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7f51\u7edc\u8bbf\u95ee\u4fe1\u606f\uff0c\u5426\u5219\u8fd9\u4e9b\u4fe1\u606f\u5c06\u53d7\u5230\u9650\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "SAP NetWeaver\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2024-49632\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"SAP SAP Netweaver DW4CORE 200",
"SAP SAP Netweaver DW4CORE 300",
"SAP SAP Netweaver DW4CORE 400",
"SAP SAP Netweaver SAP_BW 700",
"SAP SAP Netweaver SAP_BW 701",
"SAP SAP Netweaver SAP_BW 702",
"SAP SAP Netweaver SAP_BW 731",
"SAP SAP Netweaver SAP_BW 740",
"SAP SAP Netweaver SAP_BW 750",
"SAP SAP Netweaver SAP_BW 751",
"SAP SAP Netweaver SAP_BW 752",
"SAP SAP Netweaver SAP_BW 753",
"SAP SAP Netweaver SAP_BW 754",
"SAP SAP Netweaver SAP_BW 755",
"SAP SAP Netweaver SAP_BW 756",
"SAP SAP Netweaver SAP_BW 757",
"SAP SAP Netweaver SAP_BW 758"
]
},
"referenceLink": "https://me.sap.com/notes/3481588",
"serverity": "\u4e2d",
"submitTime": "2024-09-18",
"title": "SAP NetWeaver\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2024-49632\uff09"
}
CERTFR-2024-AVI-0754
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | SAP pour Oil & Gas | SAP pour Oil & Gas versions 600, 602, 603, 604, 605, 606, 617, 618, 800, 802, 803, 804, 805, 806, 807 et 807 sans le dernier correctif de sécurité | ||
| SAP | Commerce Cloud | Commerce Cloud versions HY_COM 1808, 1811, 1905, 2005, 2105, 2011, 2205 et COM_CLOUD 2211 sans le dernier correctif de sécurité | ||
| SAP | Business Warehouse | Business Warehouse (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de sécurité | ||
| SAP | S/4HANA (Manage Incoming Payment Files) | S/4 HANA version 900 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver BW | NetWeaver BW (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de sécurité | ||
| SAP | SAP NetWeaver AS Java | NetWeaver AS pour Java (Destination Service et Logon Application) version 7.50 sans le dernier correctif de sécurité | ||
| SAP | SAP BusinessObjects Business Intelligence | BusinessObjects Business Intelligence Platform version 430 sans le dernier correctif de sécurité | ||
| SAP | SAP Student Life Cycle Management | Student Life Cycle Management (SLcM) versions 617, 618, 800, 802, 803, 804, 805, 806, 807 et 808 sans le dernier correctif de sécurité | ||
| SAP | SAP BusinessObjects Business Intelligence | BusinessObjects Business Intelligence Platform versions ENTERPRISE 430 et 440 sans le dernier correctif de sécurité | ||
| SAP | Replication Server | Replication Server versions 16.0.3 et 16.0.4 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Application Server ABAP et ABAP Platform | SAP NetWeaver Application Server pour ABAP et ABAP Platform, Versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 912 sans le dernier correctif de sécurité | ||
| SAP | Production et Revenue Accounting | Production et Revenue Accounting (Tobin interface) versions S4CEXT 106, S4CEXT 107, S4CEXT 108, IS-PRA 605, IS-PRA 606, IS-PRA 616, IS-PRA 617, IS-PRA 618, IS-PRA 800, IS-PRA 801, IS-PRA 802, IS-PRA 803, IS-PRA 804 et IS-PRA 805 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Enterprise Portal | NetWeaver Enterprise Portal version 7.50 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Application Server pour ABAP | NetWeaver Application Server pour ABAP (CRM Blueprint Application Builder Panel) versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H et 75I sans le dernier correctif de sécurité | ||
| SAP | S/4HANA eProcurement | S/4HANA eProcurement versions SAP_APPL 606, SAP_APPL 617, SAP_APPL 618, S4CORE 102, S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107 et S4CORE 108 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP pour Oil \u0026 Gas versions 600, 602, 603, 604, 605, 606, 617, 618, 800, 802, 803, 804, 805, 806, 807 et 807 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP pour Oil \u0026 Gas",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Commerce Cloud versions HY_COM 1808, 1811, 1905, 2005, 2105, 2011, 2205 et COM_CLOUD 2211 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Commerce Cloud",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Business Warehouse (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Business Warehouse",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4 HANA version 900 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "S/4HANA (Manage Incoming Payment Files)",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver BW (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver BW",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver AS pour Java (Destination Service et Logon Application) version 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP NetWeaver AS Java",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "BusinessObjects Business Intelligence Platform version 430 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Student Life Cycle Management (SLcM) versions 617, 618, 800, 802, 803, 804, 805, 806, 807 et 808 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP Student Life Cycle Management",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "BusinessObjects Business Intelligence Platform versions ENTERPRISE 430 et 440 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Replication Server versions 16.0.3 et 16.0.4 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Replication Server",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Application Server pour ABAP et ABAP Platform, Versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 912 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Application Server ABAP et ABAP Platform",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Production et Revenue Accounting (Tobin interface) versions S4CEXT 106, S4CEXT 107, S4CEXT 108, IS-PRA 605, IS-PRA 606, IS-PRA 616, IS-PRA 617, IS-PRA 618, IS-PRA 800, IS-PRA 801, IS-PRA 802, IS-PRA 803, IS-PRA 804 et IS-PRA 805 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Production et Revenue Accounting",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Enterprise Portal version 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Enterprise Portal",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server pour ABAP (CRM Blueprint Application Builder Panel) versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H et 75I sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Application Server pour ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4HANA eProcurement versions SAP_APPL 606, SAP_APPL 617, SAP_APPL 618, S4CORE 102, S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107 et S4CORE 108 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "S/4HANA eProcurement",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-45281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45281"
},
{
"name": "CVE-2024-44115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44115"
},
{
"name": "CVE-2024-45279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45279"
},
{
"name": "CVE-2024-44117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44117"
},
{
"name": "CVE-2024-33003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33003"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45285"
},
{
"name": "CVE-2024-45286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45286"
},
{
"name": "CVE-2024-44116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44116"
},
{
"name": "CVE-2024-44113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44113"
},
{
"name": "CVE-2024-41729",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41729"
},
{
"name": "CVE-2024-44112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44112"
},
{
"name": "CVE-2024-41728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41728"
},
{
"name": "CVE-2024-42371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42371"
},
{
"name": "CVE-2024-42380",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42380"
},
{
"name": "CVE-2024-45280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45280"
},
{
"name": "CVE-2024-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45283"
},
{
"name": "CVE-2013-3587",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3587"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2024-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45284"
},
{
"name": "CVE-2024-44114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44114"
},
{
"name": "CVE-2024-41730",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41730"
},
{
"name": "CVE-2024-44121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44121"
},
{
"name": "CVE-2024-42378",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42378"
},
{
"name": "CVE-2024-44120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44120"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0754",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": "2024-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 SAP",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2024.html"
}
]
}
CERTFR-2024-AVI-0844
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | NetWeaver BW | NetWeaver BW (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de sécurité | ||
| SAP | N/A | Commerce Backoffice versions HY_COM 2205 et COM_CLOUD 2211 sans le dernier correctif de sécurité | ||
| SAP | N/A | S/4 HANA (Manage Bank Statements) versions S4CORE, 102, 103, 104, 105, 106 et 107 sans le dernier correctif de sécurité | ||
| SAP | N/A | Student Life Cycle Management (SLcM) versions IS-PS-CA 617, 618, 802, 803, 804, 805, 806, 807 et 808 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Enterprise Portal | NetWeaver Enterprise Portal (KMC) version KMC-BC 7.5 sans le dernier correctif de sécurité | ||
| SAP | N/A | PDCE versions S4CORE 102, 103, S4COREOP 104, 105, 106, 107 et 108 sans le dernier correctif de sécurité | ||
| SAP | N/A | BusinessObjects Business Intelligence Platform (Web Intelligence) versions ENTERPRISE 420, 430, 2025, ENTERPRISECLIENTTOOLS 420, 430 et 2025 sans le dernier correctif de sécurité | ||
| SAP | N/A | HANA Client version HDB_CLIENT 2.0 sans le dernier correctif de sécurité | ||
| SAP | N/A | NetWeaver AS for Java version 7.50 sans le dernier correctif de sécurité | ||
| SAP | N/A | SAP NetWeaver Application Server pour plateformes ABAP et ABAP versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 et SAP_BASIS 758 sans le dernier correctif de sécurité | ||
| SAP | N/A | Enterprise Project Connection version 3.0 sans le dernier correctif de sécurité | ||
| SAP | N/A | BusinessObjects Business Intelligence Platform versions ENTERPRISE 420, 430 et 440 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NetWeaver BW (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver BW",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Commerce Backoffice versions HY_COM 2205 et COM_CLOUD 2211 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4 HANA (Manage Bank Statements) versions S4CORE, 102, 103, 104, 105, 106 et 107 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Student Life Cycle Management (SLcM) versions IS-PS-CA 617, 618, 802, 803, 804, 805, 806, 807 et 808 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Enterprise Portal (KMC) version KMC-BC 7.5 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Enterprise Portal",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "PDCE versions S4CORE 102, 103, S4COREOP 104, 105, 106, 107 et 108 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "BusinessObjects Business Intelligence Platform (Web Intelligence) versions ENTERPRISE 420, 430, 2025, ENTERPRISECLIENTTOOLS 420, 430 et 2025 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "HANA Client version HDB_CLIENT 2.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver AS for Java version 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Application Server pour plateformes ABAP et ABAP versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 et SAP_BASIS 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Enterprise Project Connection version 3.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "BusinessObjects Business Intelligence Platform versions ENTERPRISE 420, 430 et 440 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-45282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45282"
},
{
"name": "CVE-2024-42373",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42373"
},
{
"name": "CVE-2024-38809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
},
{
"name": "CVE-2024-41729",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41729"
},
{
"name": "CVE-2024-37180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37180"
},
{
"name": "CVE-2024-45278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45278"
},
{
"name": "CVE-2024-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45283"
},
{
"name": "CVE-2024-45277",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45277"
},
{
"name": "CVE-2024-38808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38808"
},
{
"name": "CVE-2024-47594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47594"
},
{
"name": "CVE-2022-23302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23302"
},
{
"name": "CVE-2024-22259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22259"
},
{
"name": "CVE-2024-39592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39592"
},
{
"name": "CVE-2024-41730",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41730"
},
{
"name": "CVE-2024-37179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37179"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0844",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": "2024-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 SAP october-2024",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2024.html"
}
]
}
CERTFR-2024-AVI-0844
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | NetWeaver BW | NetWeaver BW (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de sécurité | ||
| SAP | N/A | Commerce Backoffice versions HY_COM 2205 et COM_CLOUD 2211 sans le dernier correctif de sécurité | ||
| SAP | N/A | S/4 HANA (Manage Bank Statements) versions S4CORE, 102, 103, 104, 105, 106 et 107 sans le dernier correctif de sécurité | ||
| SAP | N/A | Student Life Cycle Management (SLcM) versions IS-PS-CA 617, 618, 802, 803, 804, 805, 806, 807 et 808 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Enterprise Portal | NetWeaver Enterprise Portal (KMC) version KMC-BC 7.5 sans le dernier correctif de sécurité | ||
| SAP | N/A | PDCE versions S4CORE 102, 103, S4COREOP 104, 105, 106, 107 et 108 sans le dernier correctif de sécurité | ||
| SAP | N/A | BusinessObjects Business Intelligence Platform (Web Intelligence) versions ENTERPRISE 420, 430, 2025, ENTERPRISECLIENTTOOLS 420, 430 et 2025 sans le dernier correctif de sécurité | ||
| SAP | N/A | HANA Client version HDB_CLIENT 2.0 sans le dernier correctif de sécurité | ||
| SAP | N/A | NetWeaver AS for Java version 7.50 sans le dernier correctif de sécurité | ||
| SAP | N/A | SAP NetWeaver Application Server pour plateformes ABAP et ABAP versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 et SAP_BASIS 758 sans le dernier correctif de sécurité | ||
| SAP | N/A | Enterprise Project Connection version 3.0 sans le dernier correctif de sécurité | ||
| SAP | N/A | BusinessObjects Business Intelligence Platform versions ENTERPRISE 420, 430 et 440 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NetWeaver BW (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver BW",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Commerce Backoffice versions HY_COM 2205 et COM_CLOUD 2211 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4 HANA (Manage Bank Statements) versions S4CORE, 102, 103, 104, 105, 106 et 107 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Student Life Cycle Management (SLcM) versions IS-PS-CA 617, 618, 802, 803, 804, 805, 806, 807 et 808 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Enterprise Portal (KMC) version KMC-BC 7.5 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Enterprise Portal",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "PDCE versions S4CORE 102, 103, S4COREOP 104, 105, 106, 107 et 108 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "BusinessObjects Business Intelligence Platform (Web Intelligence) versions ENTERPRISE 420, 430, 2025, ENTERPRISECLIENTTOOLS 420, 430 et 2025 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "HANA Client version HDB_CLIENT 2.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver AS for Java version 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Application Server pour plateformes ABAP et ABAP versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 et SAP_BASIS 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Enterprise Project Connection version 3.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "BusinessObjects Business Intelligence Platform versions ENTERPRISE 420, 430 et 440 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-45282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45282"
},
{
"name": "CVE-2024-42373",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42373"
},
{
"name": "CVE-2024-38809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
},
{
"name": "CVE-2024-41729",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41729"
},
{
"name": "CVE-2024-37180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37180"
},
{
"name": "CVE-2024-45278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45278"
},
{
"name": "CVE-2024-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45283"
},
{
"name": "CVE-2024-45277",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45277"
},
{
"name": "CVE-2024-38808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38808"
},
{
"name": "CVE-2024-47594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47594"
},
{
"name": "CVE-2022-23302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23302"
},
{
"name": "CVE-2024-22259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22259"
},
{
"name": "CVE-2024-39592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39592"
},
{
"name": "CVE-2024-41730",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41730"
},
{
"name": "CVE-2024-37179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37179"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0844",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": "2024-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 SAP october-2024",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2024.html"
}
]
}
CERTFR-2024-AVI-0754
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | SAP pour Oil & Gas | SAP pour Oil & Gas versions 600, 602, 603, 604, 605, 606, 617, 618, 800, 802, 803, 804, 805, 806, 807 et 807 sans le dernier correctif de sécurité | ||
| SAP | Commerce Cloud | Commerce Cloud versions HY_COM 1808, 1811, 1905, 2005, 2105, 2011, 2205 et COM_CLOUD 2211 sans le dernier correctif de sécurité | ||
| SAP | Business Warehouse | Business Warehouse (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de sécurité | ||
| SAP | S/4HANA (Manage Incoming Payment Files) | S/4 HANA version 900 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver BW | NetWeaver BW (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de sécurité | ||
| SAP | SAP NetWeaver AS Java | NetWeaver AS pour Java (Destination Service et Logon Application) version 7.50 sans le dernier correctif de sécurité | ||
| SAP | SAP BusinessObjects Business Intelligence | BusinessObjects Business Intelligence Platform version 430 sans le dernier correctif de sécurité | ||
| SAP | SAP Student Life Cycle Management | Student Life Cycle Management (SLcM) versions 617, 618, 800, 802, 803, 804, 805, 806, 807 et 808 sans le dernier correctif de sécurité | ||
| SAP | SAP BusinessObjects Business Intelligence | BusinessObjects Business Intelligence Platform versions ENTERPRISE 430 et 440 sans le dernier correctif de sécurité | ||
| SAP | Replication Server | Replication Server versions 16.0.3 et 16.0.4 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Application Server ABAP et ABAP Platform | SAP NetWeaver Application Server pour ABAP et ABAP Platform, Versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 912 sans le dernier correctif de sécurité | ||
| SAP | Production et Revenue Accounting | Production et Revenue Accounting (Tobin interface) versions S4CEXT 106, S4CEXT 107, S4CEXT 108, IS-PRA 605, IS-PRA 606, IS-PRA 616, IS-PRA 617, IS-PRA 618, IS-PRA 800, IS-PRA 801, IS-PRA 802, IS-PRA 803, IS-PRA 804 et IS-PRA 805 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Enterprise Portal | NetWeaver Enterprise Portal version 7.50 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Application Server pour ABAP | NetWeaver Application Server pour ABAP (CRM Blueprint Application Builder Panel) versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H et 75I sans le dernier correctif de sécurité | ||
| SAP | S/4HANA eProcurement | S/4HANA eProcurement versions SAP_APPL 606, SAP_APPL 617, SAP_APPL 618, S4CORE 102, S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107 et S4CORE 108 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP pour Oil \u0026 Gas versions 600, 602, 603, 604, 605, 606, 617, 618, 800, 802, 803, 804, 805, 806, 807 et 807 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP pour Oil \u0026 Gas",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Commerce Cloud versions HY_COM 1808, 1811, 1905, 2005, 2105, 2011, 2205 et COM_CLOUD 2211 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Commerce Cloud",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Business Warehouse (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Business Warehouse",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4 HANA version 900 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "S/4HANA (Manage Incoming Payment Files)",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver BW (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver BW",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver AS pour Java (Destination Service et Logon Application) version 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP NetWeaver AS Java",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "BusinessObjects Business Intelligence Platform version 430 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Student Life Cycle Management (SLcM) versions 617, 618, 800, 802, 803, 804, 805, 806, 807 et 808 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP Student Life Cycle Management",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "BusinessObjects Business Intelligence Platform versions ENTERPRISE 430 et 440 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Replication Server versions 16.0.3 et 16.0.4 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Replication Server",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Application Server pour ABAP et ABAP Platform, Versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 912 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Application Server ABAP et ABAP Platform",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Production et Revenue Accounting (Tobin interface) versions S4CEXT 106, S4CEXT 107, S4CEXT 108, IS-PRA 605, IS-PRA 606, IS-PRA 616, IS-PRA 617, IS-PRA 618, IS-PRA 800, IS-PRA 801, IS-PRA 802, IS-PRA 803, IS-PRA 804 et IS-PRA 805 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Production et Revenue Accounting",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Enterprise Portal version 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Enterprise Portal",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server pour ABAP (CRM Blueprint Application Builder Panel) versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H et 75I sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Application Server pour ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4HANA eProcurement versions SAP_APPL 606, SAP_APPL 617, SAP_APPL 618, S4CORE 102, S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107 et S4CORE 108 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "S/4HANA eProcurement",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-45281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45281"
},
{
"name": "CVE-2024-44115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44115"
},
{
"name": "CVE-2024-45279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45279"
},
{
"name": "CVE-2024-44117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44117"
},
{
"name": "CVE-2024-33003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33003"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45285"
},
{
"name": "CVE-2024-45286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45286"
},
{
"name": "CVE-2024-44116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44116"
},
{
"name": "CVE-2024-44113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44113"
},
{
"name": "CVE-2024-41729",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41729"
},
{
"name": "CVE-2024-44112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44112"
},
{
"name": "CVE-2024-41728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41728"
},
{
"name": "CVE-2024-42371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42371"
},
{
"name": "CVE-2024-42380",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42380"
},
{
"name": "CVE-2024-45280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45280"
},
{
"name": "CVE-2024-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45283"
},
{
"name": "CVE-2013-3587",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3587"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2024-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45284"
},
{
"name": "CVE-2024-44114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44114"
},
{
"name": "CVE-2024-41730",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41730"
},
{
"name": "CVE-2024-44121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44121"
},
{
"name": "CVE-2024-42378",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42378"
},
{
"name": "CVE-2024-44120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44120"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0754",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": "2024-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 SAP",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2024.html"
}
]
}
FKIE_CVE-2024-41729
Vulnerability from fkie_nvd - Published: 2024-09-10 03:15 - Updated: 2024-09-10 12:09
Severity ?
Summary
Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application."
},
{
"lang": "es",
"value": "Debido a la falta de comprobaciones de autorizaci\u00f3n, SAP BEx Analyzer permite que un atacante autenticado acceda a informaci\u00f3n a trav\u00e9s de la red que, de otro modo, estar\u00eda restringida. Si la explotaci\u00f3n es exitosa, el atacante puede enumerar informaci\u00f3n, lo que provoca un impacto limitado en la confidencialidad de la aplicaci\u00f3n."
}
],
"id": "CVE-2024-41729",
"lastModified": "2024-09-10T12:09:50.377",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cna@sap.com",
"type": "Secondary"
}
]
},
"published": "2024-09-10T03:15:02.033",
"references": [
{
"source": "cna@sap.com",
"url": "https://me.sap.com/notes/3481588"
},
{
"source": "cna@sap.com",
"url": "https://url.sap/sapsecuritypatchday"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-359"
},
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "cna@sap.com",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…