CVE-2024-47595

Published: Nov 12, 2024Modified: Nov 14, 2024

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacker could cause high impact on confidentiality and integrity of the application.

Affected (1)

Products: Sap: Host Agent

Sap

1 product

Host Agent

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Host Agent	Version 7.22

Related CWEs

CWE-266

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

References (2)

https://me.sap.com/notes/3509619

Source: cna@sap.com

Permissions Required

https://url.sap/sapsecuritypatchday

Source: cna@sap.com

Vendor Advisory

Timeline

No history available yet.