CVE-2024-47576

Published Dec 10, 2024

Last updated 3 months ago

CVSS low 3.3

Overview

Description
SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious one, that could execute commands as being part of SAP Product Lifecycle Costing Client Application. On a successful attack, it can cause a low impact to confidentiality but no impact to the integrity and availability of the application.
Source
cna@sap.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
3.3
Impact score
1.4
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity
LOW

Weaknesses

cna@sap.com
CWE-427

Social media

Hype score
Not currently trending

  1. CVE-2024-47576 DLL Hijacking Vulnerability in SAP Product Lifecycle Costing Client SAP Product Lifecycle Costing Client (below version 4.7.1) has a vulnerability. It loads a DLL from the Windows OS when needed. T... https://t.co/bJEjs2exue

    @VulmonFeeds

    10 Dec 2024

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References