Vulnerabilities > CVE-2024-42377 - Missing Authorization vulnerability in SAP Shared Service Framework

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

sap

CWE-862

NVD

Published: 2024-08-13

Updated: 2024-09-12

Summary

SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Shared Service Framework Sap_Bs_Fnd_702 SAP Shared Service Framework Sap_Bs_Fnd_731 SAP Shared Service Framework Sap_Bs_Fnd_746 SAP Shared Service Framework Sap_Bs_Fnd_747 SAP Shared Service Framework Sap_Bs_Fnd_748	5

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://me.sap.com/notes/3474590
https://url.sap/sapsecuritypatchday