CVE-2024-42376
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/08/2024
Last modified:
12/09/2024
Description
SAP Shared Service Framework does not perform necessary<br />
authorization check for an authenticated user, resulting in escalation of<br />
privileges. On successful exploitation, an attacker can cause a high impact on<br />
confidentiality of the application.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_702:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_731:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_746:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_747:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:shared_service_framework:sap_bs_fnd_748:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page