CVE-2024-27901 - OpenCVE

SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a considerable impact on confidentiality, integrity and availability of the application.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://me.sap.com/notes/3438234
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: sap

Published: 2024-04-09T00:55:03.642Z

Updated: 2024-04-09T00:55:03.642Z

Reserved: 2024-02-27T06:26:16.787Z

Link: CVE-2024-27901

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-04-09T01:15:48.993

Modified: 2024-04-09T12:48:04.090

Link: CVE-2024-27901

JSON object: View

Redhat Information

No data.

CWE

CWE-35

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2024-27901", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2024-02-27T06:26:16.787Z", "datePublished": "2024-04-09T00:55:03.642Z", "dateUpdated": "2024-04-09T00:55:03.642Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP Asset Accounting", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "SAP_APPL 600"}, {"status": "affected", "version": "SAP_APPL 602"}, {"status": "affected", "version": "SAP_APPL 603"}, {"status": "affected", "version": "SAP_APPL 604"}, {"status": "affected", "version": "SAP_APPL 605"}, {"status": "affected", "version": "SAP_APPL 606"}, {"status": "affected", "version": "SAP_FIN617"}, {"status": "affected", "version": "SAP_FIN 618"}, {"status": "affected", "version": "SAP_FIN700"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a considerable impact on confidentiality, integrity and availability of the application.</p>"}], "value": "SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a considerable impact on confidentiality, integrity and availability of the application.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-35", "description": "CWE-35: Path Traversal", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-04-09T00:55:03.642Z"}, "references": [{"url": "https://me.sap.com/notes/3438234"}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364"}], "source": {"discovery": "UNKNOWN"}, "title": "Directory Traversal vulnerability in SAP Asset Accounting", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}