CVE-2024-21737

Published Jan 9, 2024

Last updated 23 days ago

Overview

Description
In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on confidentiality, integrity and availability.
Source
cna@sap.com
NVD status
Modified

Risk scores

CVSS 3.1

Type
Primary
Base score
9.1
Impact score
6
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

cna@sap.com
CWE-94

Social media

Hype score
Not currently trending

Configurations