CVE-2024-21735 - OpenCVE

SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impact on confidentiality, integrity and availability of the system.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sap	Lt Replication Server

Configuration 1 [-]

OR	cpe:2.3:a:sap:lt_replication_server:s4core_103:::::::*
	cpe:2.3:a:sap:lt_replication_server:s4core_104:::::::*
	cpe:2.3:a:sap:lt_replication_server:s4core_105:::::::*
	cpe:2.3:a:sap:lt_replication_server:s4core_106:::::::*
	cpe:2.3:a:sap:lt_replication_server:s4core_107:::::::*
	cpe:2.3:a:sap:lt_replication_server:s4core_108:::::::*

No data.

References

Link	Providers
https://me.sap.com/notes/3407617
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: sap

Published: 2024-01-09T00:57:37.063Z

Updated: 2024-08-01T22:27:36.128Z

Reserved: 2024-01-01T10:54:59.645Z

Link: CVE-2024-21735

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-09T01:15:39.350

Modified: 2024-01-30T22:15:53.150

Link: CVE-2024-21735

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21735", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2024-01-01T10:54:59.645Z", "datePublished": "2024-01-09T00:57:37.063Z", "dateUpdated": "2024-08-01T22:27:36.128Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP LT Replication Server", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "S4CORE 103"}, {"status": "affected", "version": "S4CORE 104"}, {"status": "affected", "version": "S4CORE 105"}, {"status": "affected", "version": "S4CORE 106"}, {"status": "affected", "version": "S4CORE 107"}, {"status": "affected", "version": "S4CORE 108"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impact on confidentiality, integrity and availability of the system.</p>"}], "value": "SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impact on confidentiality, integrity and availability of the system.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-01-30T21:23:44.935Z"}, "references": [{"url": "https://me.sap.com/notes/3407617"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper Authorization check in SAP LT Replication Server", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:36.128Z"}, "title": "CVE Program Container", "references": [{"url": "https://me.sap.com/notes/3407617", "tags": ["x_transferred"]}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:lt_replication_server:s4core_103:*:*:*:*:*:*:*", "matchCriteriaId": "B477DF53-4DBA-4F17-B852-FB004DF367E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:lt_replication_server:s4core_104:*:*:*:*:*:*:*", "matchCriteriaId": "3676498C-2D40-407F-B181-A81E71895A2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:lt_replication_server:s4core_105:*:*:*:*:*:*:*", "matchCriteriaId": "DC7A55BD-B074-485E-BB85-283EE1A2D93F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:lt_replication_server:s4core_106:*:*:*:*:*:*:*", "matchCriteriaId": "EC139C41-C3D8-4481-8BDA-D5A12AC2AF39", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:lt_replication_server:s4core_107:*:*:*:*:*:*:*", "matchCriteriaId": "D287F22B-0F48-444B-A665-CCE8A7992FD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:lt_replication_server:s4core_108:*:*:*:*:*:*:*", "matchCriteriaId": "85C3C978-D865-49DE-AC63-7FC1FE3ECC00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impact on confidentiality, integrity and availability of the system.\n\n"}, {"lang": "es", "value": "SAP LT Replication Server - versi\u00f3n S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, no realizan las comprobaciones de autorizaci\u00f3n necesarias. Esto podr\u00eda permitir que un atacante con altos privilegios realice acciones no deseadas, lo que resultar\u00eda en una escalada de privilegios, lo que tiene un alto impacto en la confidencialidad, la integridad y la disponibilidad del sistema."}], "id": "CVE-2024-21735", "lastModified": "2024-01-30T22:15:53.150", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 6.0, "source": "cna@sap.com", "type": "Secondary"}]}, "published": "2024-01-09T01:15:39.350", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3407617"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "cna@sap.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Secondary"}]}