{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-33008", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2024-04-23T04:04:25.522Z", "datePublished": "2024-05-14T03:46:17.394Z", "dateUpdated": "2024-09-26T18:28:15.789Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP Replication Server", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "16.0"}, {"status": "affected", "version": "16.0.3"}, {"status": "affected", "version": "16.0.4"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availability of the system.</span>"}], "value": "SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availability of the system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-09-26T18:28:15.789Z"}, "references": [{"url": "https://me.sap.com/notes/3349468"}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Memory Corruption vulnerability in SAP Replication Server", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-33008", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-28T20:01:19.039292Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:44:52.357Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:27:53.435Z"}, "title": "CVE Program Container", "references": [{"url": "https://me.sap.com/notes/3349468", "tags": ["x_transferred"]}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://me.sap.com/notes/3349468", "tags": ["x_transferred"]}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:27:53.435Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-33008", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-28T20:01:19.039292Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-28T20:01:23.432Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Memory Corruption vulnerability in SAP Replication Server", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP Replication Server", "versions": [{"status": "affected", "version": "16.0"}, {"status": "affected", "version": "16.0.3"}, {"status": "affected", "version": "16.0.4"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3349468"}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availability of the system.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availability of the system.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-09-26T18:28:15.789Z"}}}, "cveMetadata": {"cveId": "CVE-2024-33008", "state": "PUBLISHED", "dateUpdated": "2024-09-26T18:28:15.789Z", "dateReserved": "2024-04-23T04:04:25.522Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2024-05-14T03:46:17.394Z", "assignerShortName": "sap"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availability of the system."}, {"lang": "es", "value": "SAP Replication Server permite a un atacante utilizar una puerta de enlace para ejecutar algunos comandos a RSSD. Esto podr\u00eda provocar que el servidor de replicaci\u00f3n colapse debido a da\u00f1os en la memoria con un alto impacto en la disponibilidad del sistema."}], "id": "CVE-2024-33008", "lastModified": "2024-11-21T09:16:13.437", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "cna@sap.com", "type": "Secondary"}]}, "published": "2024-05-14T16:17:15.003", "references": [{"source": "cna@sap.com", "url": "https://me.sap.com/notes/3349468"}, {"source": "cna@sap.com", "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://me.sap.com/notes/3349468"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "cna@sap.com", "type": "Secondary"}]}

{}

{}