Lucene search

[email protected]CVE-2024-21735

HistoryJan 09, 2024 - 1:15 a.m.

CVE-2024-21735

2024-01-0901:15:39

CWE-863

[email protected]

web.nvd.nist.gov

cve-2024-21735

sap

lt replication server

authorization checks

high impact

privilege escalation

7.3 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.4%

JSON

SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impact on confidentiality, integrity and availability of the system.

Affected configurations

NVD

Node

saplt_replication_serverMatchs4core_103

saplt_replication_serverMatchs4core_104

saplt_replication_serverMatchs4core_105

saplt_replication_serverMatchs4core_106

saplt_replication_serverMatchs4core_107

saplt_replication_serverMatchs4core_108

CPENameOperatorVersion
sap:lt_replication_serversap lt replication servereqs4core_103
sap:lt_replication_serversap lt replication servereqs4core_104
sap:lt_replication_serversap lt replication servereqs4core_105
sap:lt_replication_serversap lt replication servereqs4core_106
sap:lt_replication_serversap lt replication servereqs4core_107
sap:lt_replication_serversap lt replication servereqs4core_108

CPE	Name	Operator	Version
sap:lt_replication_server	sap lt replication server	eq	s4core_103
sap:lt_replication_server	sap lt replication server	eq	s4core_104
sap:lt_replication_server	sap lt replication server	eq	s4core_105
sap:lt_replication_server	sap lt replication server	eq	s4core_106
sap:lt_replication_server	sap lt replication server	eq	s4core_107
sap:lt_replication_server	sap lt replication server	eq	s4core_108

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP LT Replication Server",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "S4CORE 103"
      },
      {
        "status": "affected",
        "version": "S4CORE 104"
      },
      {
        "status": "affected",
        "version": "S4CORE 105"
      },
      {
        "status": "affected",
        "version": "S4CORE 106"
      },
      {
        "status": "affected",
        "version": "S4CORE 107"
      },
      {
        "status": "affected",
        "version": "S4CORE 108"
      }
    ]
  }
]

References

me.sap.com/notes/3407617

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

7.3 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.4%

JSON

Related for CVE-2024-21735

cvelist1 prion1 nvd1