Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-21737

In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on confidentiality, integrity and availability.

Published

2024-01-09T02:15:45.823

Last Modified

2024-11-21T08:54:54.557

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.4 (HIGH)

Weaknesses

Type: Secondary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	application_interface_framework	702	Yes

References

https://me.sap.com/notes/3411869 Permissions Required ([email protected])
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory ([email protected])
https://me.sap.com/notes/3411869 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)