CVE-2024-21737

Published Jan 9, 2024

Last updated 10 months ago

Overview

Description: In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on confidentiality, integrity and availability.
Source: cna@sap.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.1
Impact score: 6
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

cna@sap.com: CWE-94

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:application_interface_framework:702:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30146C01-CD00-4100-BB51-7ADD88F69A64"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References