mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
145 lines
5.9 KiB
JSON
145 lines
5.9 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-37176",
|
|
"ASSIGNER": "cna@sap.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "SAP BW/4HANA Transformation and Data Transfer\nProcess (DTP) allows an authenticated attacker to gain higher access levels\nthan they should have by exploiting improper authorization checks. This results\nin escalation of privileges. It has no impact on the confidentiality of data\nbut may have low impacts on the integrity and availability of the application."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-862: Missing Authorization",
|
|
"cweId": "CWE-862"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "SAP_SE",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "SAP BW/4HANA Transformation and Data Transfer Process",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "DW4CORE 200"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "300"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "400"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "796"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "SAP_BW 740"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "750"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "751"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "752"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "753"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "754"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "755"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "756"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "757"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "758"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://me.sap.com/notes/3465455",
|
|
"refsource": "MISC",
|
|
"name": "https://me.sap.com/notes/3465455"
|
|
},
|
|
{
|
|
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html",
|
|
"refsource": "MISC",
|
|
"name": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.2.0"
|
|
},
|
|
"source": {
|
|
"discovery": "UNKNOWN"
|
|
},
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "LOW",
|
|
"baseScore": 5.5,
|
|
"baseSeverity": "MEDIUM",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "LOW",
|
|
"privilegesRequired": "HIGH",
|
|
"scope": "CHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |