Lucene search

SapCVELIST:CVE-2024-33009

HistoryMay 14, 2024 - 3:58 a.m.

CVE-2024-33009 SQL injection vulnerability in SAP Global Label Management (GLM)

2024-05-1403:58:53

CWE-89

sap

www.cve.org

cve-2024-33009

sql injection

sap global label management

confidentiality

integrity

CVSS3

4.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

9.0%

JSON

SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Global Label Management (GLM)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "605"
      },
      {
        "status": "affected",
        "version": "606"
      },
      {
        "status": "affected",
        "version": "616"
      },
      {
        "status": "affected",
        "version": "617"
      }
    ]
  }
]

References

me.sap.com/notes/1938764

support.sap.com/en/my-support/knowledge-base/security-notes-news.html

CVSS3

4.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-33009