Vulnerabilites related to sap - netweaver_knowledge_management_and_collaboration_\(kmc-cm\)
CVE-2020-6225 (GCVE-0-2020-6225)
Vulnerability from cvelistv5
Published
2020-04-14 19:40
Modified
2024-08-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Path Traversal
Summary
SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, thus characters representing traverse to parent directory are passed through to the file APIs, allowing the attacker to overwrite, delete, or corrupt arbitrary files on the remote server, leading to Path Traversal.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | SAP SE | SAP NetWeaver (Knowledge Management) (KMC-CM) |
Version: < 7.00 Version: < 7.01 Version: < 7.02 Version: < 7.30 Version: < 7.31 Version: < 7.40 Version: < 7.50 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:55:22.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2896682"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver (Knowledge Management) (KMC-CM)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.00"
},
{
"status": "affected",
"version": "\u003c 7.01"
},
{
"status": "affected",
"version": "\u003c 7.02"
},
{
"status": "affected",
"version": "\u003c 7.30"
},
{
"status": "affected",
"version": "\u003c 7.31"
},
{
"status": "affected",
"version": "\u003c 7.40"
},
{
"status": "affected",
"version": "\u003c 7.50"
}
]
},
{
"product": "SAP NetWeaver (Knowledge Management) (KMC-WPC)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.30"
},
{
"status": "affected",
"version": "\u003c 7.31"
},
{
"status": "affected",
"version": "\u003c 7.40"
},
{
"status": "affected",
"version": "\u003c 7.50"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, thus characters representing traverse to parent directory are passed through to the file APIs, allowing the attacker to overwrite, delete, or corrupt arbitrary files on the remote server, leading to Path Traversal."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-14T19:40:25",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2896682"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2020-6225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver (Knowledge Management) (KMC-CM)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.00"
},
{
"version_name": "\u003c",
"version_value": "7.01"
},
{
"version_name": "\u003c",
"version_value": "7.02"
},
{
"version_name": "\u003c",
"version_value": "7.30"
},
{
"version_name": "\u003c",
"version_value": "7.31"
},
{
"version_name": "\u003c",
"version_value": "7.40"
},
{
"version_name": "\u003c",
"version_value": "7.50"
}
]
}
},
{
"product_name": "SAP NetWeaver (Knowledge Management) (KMC-WPC)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.30"
},
{
"version_name": "\u003c",
"version_value": "7.31"
},
{
"version_name": "\u003c",
"version_value": "7.40"
},
{
"version_name": "\u003c",
"version_value": "7.50"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, thus characters representing traverse to parent directory are passed through to the file APIs, allowing the attacker to overwrite, delete, or corrupt arbitrary files on the remote server, leading to Path Traversal."
}
]
},
"impact": {
"cvss": {
"baseScore": "9.1",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2896682",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2896682"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2020-6225",
"datePublished": "2020-04-14T19:40:25",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T08:55:22.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34685 (GCVE-0-2024-34685)
Vulnerability from cvelistv5
Published
2024-07-09 03:53
Modified
2024-08-02 02:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation
Summary
Due to weak encoding of user-controlled input in
SAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts can
be executed in the application, potentially leading to a Cross-Site Scripting
(XSS) vulnerability. This has no impact on the availability of the application
but it has a low impact on its confidentiality and integrity.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP NetWeaver Knowledge Management XMLEditor |
Version: KMC-WPC 7.50 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T14:51:26.941635Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T14:51:35.988Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:21.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://url.sap/sapsecuritypatchday"
},
{
"tags": [
"x_transferred"
],
"url": "https://me.sap.com/notes/3468681"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver Knowledge Management XMLEditor",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "KMC-WPC 7.50"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to weak encoding of user-controlled input in\nSAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts can\nbe executed in the application, potentially leading to a Cross-Site Scripting\n(XSS) vulnerability. This has no impact on the availability of the application\nbut it has a low impact on its confidentiality and integrity.\n\n\n\n"
}
],
"value": "Due to weak encoding of user-controlled input in\nSAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts can\nbe executed in the application, potentially leading to a Cross-Site Scripting\n(XSS) vulnerability. This has no impact on the availability of the application\nbut it has a low impact on its confidentiality and integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T03:53:38.517Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://url.sap/sapsecuritypatchday"
},
{
"url": "https://me.sap.com/notes/3468681"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "[CVE-2024-34685] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Knowledge Management XMLEditor",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-34685",
"datePublished": "2024-07-09T03:53:38.517Z",
"dateReserved": "2024-05-07T05:46:11.657Z",
"dateUpdated": "2024-08-02T02:59:21.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-04-14 20:15
Modified
2024-11-21 05:35
Severity ?
Summary
SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, thus characters representing traverse to parent directory are passed through to the file APIs, allowing the attacker to overwrite, delete, or corrupt arbitrary files on the remote server, leading to Path Traversal.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/2896682 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2896682 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_knowledge_management_and_collaboration_\\(kmc-cm\\):7.00:*:*:*:*:*:*:*",
"matchCriteriaId": "C7947DE1-EF45-49A3-A116-D125EDD39819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_knowledge_management_and_collaboration_\\(kmc-cm\\):7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD8EE82-A741-45CF-8DB8-F888C9648C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_knowledge_management_and_collaboration_\\(kmc-cm\\):7.02:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB4D1C6-39C9-4BA9-91CA-A429423A706A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_knowledge_management_and_collaboration_\\(kmc-cm\\):7.30:*:*:*:*:*:*:*",
"matchCriteriaId": "1D839D71-26FC-45A0-A33C-8ADD62807133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_knowledge_management_and_collaboration_\\(kmc-cm\\):7.31:*:*:*:*:*:*:*",
"matchCriteriaId": "1B382353-B423-41F4-B769-D6D2FA5094BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_knowledge_management_and_collaboration_\\(kmc-cm\\):7.40:*:*:*:*:*:*:*",
"matchCriteriaId": "414A92A3-E9A2-4F80-8E5E-7B07DB673296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_knowledge_management_and_collaboration_\\(kmc-cm\\):7.50:*:*:*:*:*:*:*",
"matchCriteriaId": "E96E9634-127A-45F3-AE07-F6481CC6AAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_knowledge_management_and_collaboration_\\(kmc-wpc\\):7.30:*:*:*:*:*:*:*",
"matchCriteriaId": "05399003-1BEF-4927-AE91-341DC1AA69A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_knowledge_management_and_collaboration_\\(kmc-wpc\\):7.31:*:*:*:*:*:*:*",
"matchCriteriaId": "5007491A-6FE4-4698-A919-688654CD22F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_knowledge_management_and_collaboration_\\(kmc-wpc\\):7.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9D76BA6A-B4B2-460A-A79C-81FFD183C0AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_knowledge_management_and_collaboration_\\(kmc-wpc\\):7.50:*:*:*:*:*:*:*",
"matchCriteriaId": "4BF188F7-680F-49E5-9BC1-80133D413C86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, thus characters representing traverse to parent directory are passed through to the file APIs, allowing the attacker to overwrite, delete, or corrupt arbitrary files on the remote server, leading to Path Traversal."
},
{
"lang": "es",
"value": "SAP NetWeaver (Knowledge Management), versiones (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 y KMC-WPC 7.30, 7.31, 7.40, 7.50), no comprueba suficientemente la informaci\u00f3n de ruta proporcionada por los usuarios, por lo tanto los caracteres representan un salto al directorio padre que son pasados a trav\u00e9s de las API de archivo, lo que permite a un atacante sobrescribir, eliminar o corromper archivos arbitrarios en el servidor remoto, conllevando a un Salto de Ruta."
}
],
"id": "CVE-2020-6225",
"lastModified": "2024-11-21T05:35:20.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.1,
"impactScore": 5.3,
"source": "cna@sap.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-14T20:15:15.420",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/2896682"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/2896682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-09 04:15
Modified
2024-11-21 09:19
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Due to weak encoding of user-controlled input in
SAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts can
be executed in the application, potentially leading to a Cross-Site Scripting
(XSS) vulnerability. This has no impact on the availability of the application
but it has a low impact on its confidentiality and integrity.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://me.sap.com/notes/3468681 | Permissions Required | |
| cna@sap.com | https://url.sap/sapsecuritypatchday | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://me.sap.com/notes/3468681 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://url.sap/sapsecuritypatchday | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | netweaver_knowledge_management_and_collaboration_\(kmc-cm\) | 7.50 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_knowledge_management_and_collaboration_\\(kmc-cm\\):7.50:*:*:*:*:*:*:*",
"matchCriteriaId": "E96E9634-127A-45F3-AE07-F6481CC6AAA4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to weak encoding of user-controlled input in\nSAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts can\nbe executed in the application, potentially leading to a Cross-Site Scripting\n(XSS) vulnerability. This has no impact on the availability of the application\nbut it has a low impact on its confidentiality and integrity."
},
{
"lang": "es",
"value": "Debido a la codificaci\u00f3n d\u00e9bil de la entrada controlada por el usuario en SAP NetWeaver Knowledge Management XMLEditor, que permite que se puedan ejecutar scripts maliciosos en la aplicaci\u00f3n, lo que podr\u00eda provocar una vulnerabilidad de Cross-Site Scripting (XSS). Esto no tiene ning\u00fan impacto en la disponibilidad de la aplicaci\u00f3n pero tiene un impacto bajo en su confidencialidad e integridad."
}
],
"id": "CVE-2024-34685",
"lastModified": "2024-11-21T09:19:11.507",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "cna@sap.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-09T04:15:12.090",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required"
],
"url": "https://me.sap.com/notes/3468681"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://url.sap/sapsecuritypatchday"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://me.sap.com/notes/3468681"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://url.sap/sapsecuritypatchday"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cna@sap.com",
"type": "Primary"
}
]
}