{
"id" : "CVE-2024-37175" ,
"sourceIdentifier" : "cna@sap.com" ,
"published" : "2024-07-09T05:15:11.823" ,
"lastModified" : "2024-11-21T09:23:21.793" ,
"vulnStatus" : "Modified" ,
"cveTags" : [ ] ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "SAP CRM WebClient does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to access some sensitive information."
} ,
{
"lang" : "es" ,
"value" : "SAP CRM WebClient no realiza la verificaci\u00f3n de autorizaci\u00f3n necesaria para un usuario autenticado, lo que resulta en una escalada de privilegios. Esto podr\u00eda permitir que un atacante acceda a informaci\u00f3n confidencial."
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "cna@sap.com" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" ,
"baseScore" : 4.3 ,
"baseSeverity" : "MEDIUM" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "NONE"
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 1.4
} ,
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" ,
"baseScore" : 6.5 ,
"baseSeverity" : "MEDIUM" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "NONE"
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 3.6
}
]
} ,
"weaknesses" : [
{
"source" : "cna@sap.com" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-862"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:customer_relationship_management_s4fnd:102:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F8E0DA63-3FA7-4CC4-A14E-852A632C41BC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:customer_relationship_management_s4fnd:103:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "378861FE-CD5D-49A9-8245-538A91190064"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:customer_relationship_management_s4fnd:104:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DA1262DB-E4C8-4298-B423-5EF859CE722F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:customer_relationship_management_s4fnd:105:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F9D85325-56C8-4043-BDA8-C94FE946B912"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:customer_relationship_management_s4fnd:106:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "42A51853-E87F-47A3-A257-86B28F8F4607"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:customer_relationship_management_s4fnd:107:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2250BB48-10D6-480F-AE9F-10582674CC9A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:customer_relationship_management_s4fnd:108:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "39AF19C9-275E-41E7-B80A-34E31620ABBA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:701:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2F220D25-9344-482A-A36C-9D743EA55DE8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:731:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "48791122-7265-4C51-8AEB-DEBC199F9A7F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:746:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B9EEA160-B4B4-45E9-84C8-C26E52D6F329"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:747:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8BDBE717-ADB6-4080-A198-E468080F82B2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:748:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1B8775BD-EAB8-4F08-B65D-35B704C0E36B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:800:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2BFCEADC-7359-470F-A412-5B2808CF6069"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:801:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A387786F-F4F6-44FC-B969-6FB92A1AA096"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://me.sap.com/notes/3467377" ,
"source" : "cna@sap.com" ,
"tags" : [
"Permissions Required"
]
} ,
{
"url" : "https://url.sap/sapsecuritypatchday" ,
"source" : "cna@sap.com" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "https://me.sap.com/notes/3467377" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Permissions Required"
]
} ,
{
"url" : "https://url.sap/sapsecuritypatchday" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
}
]
}