CVE-2024-42376
Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
SAP Shared Service Framework does not perform necessary
authorization check for an authenticated user, resulting in escalation of
privileges. On successful exploitation, an attacker can cause a high impact on
confidentiality of the application.
SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. On successful exploitation, an attacker can cause a high impact on confidentiality of the application.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-07-31 CVE Reserved
- 2024-08-13 CVE Published
- 2024-08-13 CVE Updated
- 2024-09-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (2)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| SAP SE Search vendor "SAP SE" | SAP Shared Service Framework Search vendor "SAP SE" for product "SAP Shared Service Framework" | 731 Search vendor "SAP SE" for product "SAP Shared Service Framework" and version "731" | en |
Affected
| ||||||
| SAP SE Search vendor "SAP SE" | SAP Shared Service Framework Search vendor "SAP SE" for product "SAP Shared Service Framework" | 746 Search vendor "SAP SE" for product "SAP Shared Service Framework" and version "746" | en |
Affected
| ||||||
| SAP SE Search vendor "SAP SE" | SAP Shared Service Framework Search vendor "SAP SE" for product "SAP Shared Service Framework" | 747 Search vendor "SAP SE" for product "SAP Shared Service Framework" and version "747" | en |
Affected
| ||||||
| SAP SE Search vendor "SAP SE" | SAP Shared Service Framework Search vendor "SAP SE" for product "SAP Shared Service Framework" | 748 Search vendor "SAP SE" for product "SAP Shared Service Framework" and version "748" | en |
Affected
| ||||||