Lucene search

SapCVELIST:CVE-2024-22125

HistoryJan 09, 2024 - 1:20 a.m.

CVE-2024-22125 Information Disclosure vulnerability in Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge)

2024-01-0901:20:19

CWE-497

sap

www.cve.org

vulnerability

microsoft edge

sap gui connector

information disclosure

confidentiality

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.3%

JSON

Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) - version 1.0, allows an attacker to access highly sensitive information which would otherwise be restricted causing high impact on confidentiality.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ]
  }
]

References

me.sap.com/notes/3386378

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.3%

JSON

Related for CVELIST:CVE-2024-22125