CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42377 – Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework
https://notcve.org/view.php?id=CVE-2024-42377
13 Aug 2024 — SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application • https://me.sap.com/notes/3474590 • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42376 – Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework
https://notcve.org/view.php?id=CVE-2024-42376
13 Aug 2024 — SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. On successful exploitation, an attacker can cause a high impact on confidentiality of the application. SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. On successful exploitation, an attacker can cause a high impact on confidentiality of the application. • https://me.sap.com/notes/3474590 • CWE-862: Missing Authorization •