← Back

CVE-2024-22131

nvd nist
Published: Feb 13, 2024Modified: Nov 21, 2024

JSON object

Loading...
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD

Description

In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions which they would not normally be permitted to perform.  Depending on the function executed, the attack can read or modify any user/business data and can make the entire system unavailable.

Affected (10)

Products: Sap: Abap Platform
Sap
1 product
Abap Platform
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Abap Platform
Version 700
Abap Platform
Version 701
Abap Platform
Version 702
Abap Platform
Version 731
Abap Platform
Version 740
Abap Platform
Version 750
Abap Platform
Version 751
Abap Platform
Version 752
Abap Platform
Version 75c
Abap Platform
Version 75i

Related CWEs

CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (4)

Source: cna@sap.com
Permissions Required
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.