Lucene search

[email protected]CVE-2024-37177

HistoryJun 11, 2024 - 2:15 a.m.

CVE-2024-37177

2024-06-1102:15:09

CWE-79

[email protected]

web.nvd.nist.gov

sap financial consolidation

data entry

vulnerability

web application

untrusted source

network

exploitation

attacker

confidentiality

integrity

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

8.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

SAP Financial Consolidation allows data to enter
a Web application through an untrusted source. These endpoints are exposed over
the network and it allows the user to modify the content from the web site. On
successful exploitation, an attacker can cause significant impact to
confidentiality and integrity of the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Financial Consolidation",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "FINANCE 1010"
      }
    ]
  }
]

References

me.sap.com/notes/3457592

support.sap.com/en/my-support/knowledge-base/security-notes-news.html

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

8.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-37177

cvelist1 vulnrichment1 nvd1