CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42377 – Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework
https://notcve.org/view.php?id=CVE-2024-42377
SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application • https://me.sap.com/notes/3474590 https://url.sap/sapsecuritypatchday • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42376 – Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework
https://notcve.org/view.php?id=CVE-2024-42376
SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. On successful exploitation, an attacker can cause a high impact on confidentiality of the application. • https://me.sap.com/notes/3474590 https://url.sap/sapsecuritypatchday • CWE-862: Missing Authorization •