CVE-2024-22125 - OpenCVE

Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) - version 1.0, allows an attacker to access highly sensitive information which would otherwise be restricted causing high impact on confidentiality.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sap	Gui Connector

Configuration 1 [-]

cpe:2.3:a:sap:gui_connector:1.0:*:*:*:*:edge:*:*

No data.

References

Link	Providers
https://me.sap.com/notes/3386378
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: sap

Published: 2024-01-09T01:20:19.403Z

Updated: 2024-08-01T22:35:34.954Z

Reserved: 2024-01-05T10:21:35.256Z

Link: CVE-2024-22125

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-01-09T02:15:46.413

Modified: 2024-01-12T19:42:36.637

Link: CVE-2024-22125

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22125", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2024-01-05T10:21:35.256Z", "datePublished": "2024-01-09T01:20:19.403Z", "dateUpdated": "2024-08-01T22:35:34.954Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge)", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "1.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge)\u00a0- version 1.0, allows an attacker to access highly sensitive information which would otherwise be restricted causing high impact on confidentiality.</p>"}], "value": "Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge)\u00a0- version 1.0, allows an attacker to access highly sensitive information which would otherwise be restricted causing high impact on confidentiality.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-497", "description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-01-09T01:20:19.403Z"}, "references": [{"url": "https://me.sap.com/notes/3386378"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Information Disclosure vulnerability in Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge)", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:35:34.954Z"}, "title": "CVE Program Container", "references": [{"url": "https://me.sap.com/notes/3386378", "tags": ["x_transferred"]}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:gui_connector:1.0:*:*:*:*:edge:*:*", "matchCriteriaId": "010E2CD3-0646-4B66-81CA-EDF907CE0090", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge)\u00a0- version 1.0, allows an attacker to access highly sensitive information which would otherwise be restricted causing high impact on confidentiality.\n\n"}, {"lang": "es", "value": "Bajo ciertas condiciones, la extensi\u00f3n del navegador Microsoft Edge (conector SAP GUI para Microsoft Edge), versi\u00f3n 1.0, permite a un atacante acceder a informaci\u00f3n altamente confidencial que de otro modo estar\u00eda restringida, lo que causar\u00eda un alto impacto en la confidencialidad."}], "id": "CVE-2024-22125", "lastModified": "2024-01-12T19:42:36.637", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "cna@sap.com", "type": "Secondary"}]}, "published": "2024-01-09T02:15:46.413", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3386378"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-497"}], "source": "cna@sap.com", "type": "Secondary"}]}