Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-22131

In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can read or modify any user/business data and can make the entire system unavailable.

Published

2024-02-13T03:15:08.363

Last Modified

2024-11-21T08:55:38.760

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.1 (CRITICAL)

Weaknesses

Type: Primary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	abap_platform	75c	Yes
Application	sap	abap_platform	75i	Yes
Application	sap	abap_platform	700	Yes
Application	sap	abap_platform	701	Yes
Application	sap	abap_platform	702	Yes
Application	sap	abap_platform	731	Yes
Application	sap	abap_platform	740	Yes
Application	sap	abap_platform	750	Yes
Application	sap	abap_platform	751	Yes
Application	sap	abap_platform	752	Yes

References

https://me.sap.com/notes/3420923 Permissions Required ([email protected])
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory ([email protected])
https://me.sap.com/notes/3420923 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)