CVE-2024-21735 - Vulnerability Details - OpenCVE

SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impact on confidentiality, integrity and availability of the system.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00147.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Sap	Lt Replication Server

Configuration 1 [-]

OR	cpe:2.3:a:sap:lt_replication_server:s4core_103:::::::*
	cpe:2.3:a:sap:lt_replication_server:s4core_104:::::::*
	cpe:2.3:a:sap:lt_replication_server:s4core_105:::::::*
	cpe:2.3:a:sap:lt_replication_server:s4core_106:::::::*
	cpe:2.3:a:sap:lt_replication_server:s4core_107:::::::*
	cpe:2.3:a:sap:lt_replication_server:s4core_108:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-19350	SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impact on confidentiality, integrity and availability of the system.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://me.sap.com/notes/3407617
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

History

Tue, 17 Jun 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: sap

Published: 2024-01-09T00:57:37.063Z

Updated: 2025-06-17T20:59:11.007Z

Reserved: 2024-01-01T10:54:59.645Z

Link: CVE-2024-21735

Vulnrichment

Updated: 2024-08-01T22:27:36.128Z

NVD

Status : Modified

Published: 2024-01-09T01:15:39.350

Modified: 2024-11-21T08:54:54.260

Link: CVE-2024-21735

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21735", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2024-01-01T10:54:59.645Z", "datePublished": "2024-01-09T00:57:37.063Z", "dateUpdated": "2025-06-17T20:59:11.007Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP LT Replication Server", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "S4CORE 103"}, {"status": "affected", "version": "S4CORE 104"}, {"status": "affected", "version": "S4CORE 105"}, {"status": "affected", "version": "S4CORE 106"}, {"status": "affected", "version": "S4CORE 107"}, {"status": "affected", "version": "S4CORE 108"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impact on confidentiality, integrity and availability of the system.</p>"}], "value": "SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impact on confidentiality, integrity and availability of the system.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-01-30T21:23:44.935Z"}, "references": [{"url": "https://me.sap.com/notes/3407617"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper Authorization check in SAP LT Replication Server", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:36.128Z"}, "title": "CVE Program Container", "references": [{"url": "https://me.sap.com/notes/3407617", "tags": ["x_transferred"]}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21735", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-01-10T15:34:21.390786Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T20:59:11.007Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://me.sap.com/notes/3407617", "tags": ["x_transferred"]}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:36.128Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21735", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-01-10T15:34:21.390786Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T20:49:28.328Z"}}], "cna": {"title": "Improper Authorization check in SAP LT Replication Server", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP LT Replication Server", "versions": [{"status": "affected", "version": "S4CORE 103"}, {"status": "affected", "version": "S4CORE 104"}, {"status": "affected", "version": "S4CORE 105"}, {"status": "affected", "version": "S4CORE 106"}, {"status": "affected", "version": "S4CORE 107"}, {"status": "affected", "version": "S4CORE 108"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3407617"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impact on confidentiality, integrity and availability of the system.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impact on confidentiality, integrity and availability of the system.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-01-30T21:23:44.935Z"}}}, "cveMetadata": {"cveId": "CVE-2024-21735", "state": "PUBLISHED", "dateUpdated": "2025-06-17T20:59:11.007Z", "dateReserved": "2024-01-01T10:54:59.645Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2024-01-09T00:57:37.063Z", "assignerShortName": "sap"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:lt_replication_server:s4core_103:*:*:*:*:*:*:*", "matchCriteriaId": "B477DF53-4DBA-4F17-B852-FB004DF367E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:lt_replication_server:s4core_104:*:*:*:*:*:*:*", "matchCriteriaId": "3676498C-2D40-407F-B181-A81E71895A2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:lt_replication_server:s4core_105:*:*:*:*:*:*:*", "matchCriteriaId": "DC7A55BD-B074-485E-BB85-283EE1A2D93F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:lt_replication_server:s4core_106:*:*:*:*:*:*:*", "matchCriteriaId": "EC139C41-C3D8-4481-8BDA-D5A12AC2AF39", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:lt_replication_server:s4core_107:*:*:*:*:*:*:*", "matchCriteriaId": "D287F22B-0F48-444B-A665-CCE8A7992FD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:lt_replication_server:s4core_108:*:*:*:*:*:*:*", "matchCriteriaId": "85C3C978-D865-49DE-AC63-7FC1FE3ECC00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impact on confidentiality, integrity and availability of the system.\n\n"}, {"lang": "es", "value": "SAP LT Replication Server - versi\u00f3n S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, no realizan las comprobaciones de autorizaci\u00f3n necesarias. Esto podr\u00eda permitir que un atacante con altos privilegios realice acciones no deseadas, lo que resultar\u00eda en una escalada de privilegios, lo que tiene un alto impacto en la confidencialidad, la integridad y la disponibilidad del sistema."}], "id": "CVE-2024-21735", "lastModified": "2024-11-21T08:54:54.260", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 6.0, "source": "cna@sap.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-09T01:15:39.350", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3407617"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3407617"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "cna@sap.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Secondary"}]}