CVE-2024-37176

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://me.sap.com/notes/3465455", "name": "https://me.sap.com/notes/3465455", "tags": ["Permissions Required"], "refsource": ""}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", "name": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", "tags": ["Patch", "Vendor Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "SAP BW/4HANA Transformation and Data Transfer\nProcess (DTP) allows an authenticated attacker to gain higher access levels\nthan they should have by exploiting improper authorization checks. This results\nin escalation of privileges. It has no impact on the confidentiality of data\nbut may have low impacts on the integrity and availability of the application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-862"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-37176", "ASSIGNER": "cna@sap.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 2.8}}, "publishedDate": "2024-06-11T03:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sap:bw\\/4hana:300:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:bw\\/4hana:400:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:bw\\/4hana:796:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:bw\\/4hana:sap_bw_740:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:bw\\/4hana:750:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:bw\\/4hana:751:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:bw\\/4hana:752:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:bw\\/4hana:753:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:bw\\/4hana:754:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:bw\\/4hana:755:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:bw\\/4hana:756:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:bw\\/4hana:757:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:bw\\/4hana:758:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:bw\\/4hana:dw4core_200:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-08-09T18:42Z"}