OpenCVE

Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Sap	Permit To Work

Configuration 1 [-]

OR	cpe:2.3:a:sap:permit_to_work:uis4hop1_800:::::::*
	cpe:2.3:a:sap:permit_to_work:uis4hop1_900:::::::*

No data.

References

Link	Providers
https://me.sap.com/notes/3475427
https://url.sap/sapsecuritypatchday

History

Thu, 12 Sep 2024 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Sap Sap permit To Work
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:sap:permit_to_work:uis4hop1_800:::::::* cpe:2.3:a:sap:permit_to_work:uis4hop1_900:::::::*
Vendors & Products		Sap Sap permit To Work

Tue, 13 Aug 2024 14:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 13 Aug 2024 04:15:00 +0000

Type	Values Removed	Values Added
Description		Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application.
Title		Information Disclosure vulnerability in SAP Permit to Work
Weaknesses		CWE-200
References		https://me.sap.com/notes/3475427 https://url.sap/sapsecuritypatchday
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: sap

Published: 2024-08-13T04:09:24.579Z

Updated: 2024-08-13T13:27:46.182Z

Reserved: 2024-07-22T08:06:52.677Z

Link: CVE-2024-41736

Vulnrichment

Updated: 2024-08-13T13:27:13.276Z

NVD

Status : Analyzed

Published: 2024-08-13T04:15:09.607

Modified: 2024-09-12T13:51:42.727

Link: CVE-2024-41736

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41736", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2024-07-22T08:06:52.677Z", "datePublished": "2024-08-13T04:09:24.579Z", "dateUpdated": "2024-08-13T13:27:46.182Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP Permit to Work", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "UIS4HOP1 800"}, {"status": "affected", "version": "900"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Under certain conditions SAP Permit to Work\nallows an authenticated attacker to access information which would otherwise be\nrestricted causing low impact on the confidentiality of the application."}], "value": "Under certain conditions SAP Permit to Work\nallows an authenticated attacker to access information which would otherwise be\nrestricted causing low impact on the confidentiality of the application."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-08-13T04:09:24.579Z"}, "references": [{"url": "https://me.sap.com/notes/3475427"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Information Disclosure vulnerability in SAP Permit to Work", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-13T13:26:46.971903Z", "id": "CVE-2024-41736", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-13T13:27:46.182Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41736", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-13T13:26:46.971903Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-13T13:27:13.276Z"}}], "cna": {"title": "Information Disclosure vulnerability in SAP Permit to Work", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP Permit to Work", "versions": [{"status": "affected", "version": "UIS4HOP1 800"}, {"status": "affected", "version": "900"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3475427"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Under certain conditions SAP Permit to Work\nallows an authenticated attacker to access information which would otherwise be\nrestricted causing low impact on the confidentiality of the application.", "supportingMedia": [{"type": "text/html", "value": "Under certain conditions SAP Permit to Work\nallows an authenticated attacker to access information which would otherwise be\nrestricted causing low impact on the confidentiality of the application.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-08-13T04:09:24.579Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41736", "state": "PUBLISHED", "dateUpdated": "2024-08-13T13:27:46.182Z", "dateReserved": "2024-07-22T08:06:52.677Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2024-08-13T04:09:24.579Z", "assignerShortName": "sap"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:permit_to_work:uis4hop1_800:*:*:*:*:*:*:*", "matchCriteriaId": "C89623C8-C8AC-47B1-8EB5-CAAFBD64FAE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:permit_to_work:uis4hop1_900:*:*:*:*:*:*:*", "matchCriteriaId": "40CB5F2B-8B3E-4266-AB66-7680174E69F5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Under certain conditions SAP Permit to Work\nallows an authenticated attacker to access information which would otherwise be\nrestricted causing low impact on the confidentiality of the application."}, {"lang": "es", "value": "Bajo ciertas condiciones, SAP Permit to Work permite que un atacante autenticado acceda a informaci\u00f3n que de otro modo estar\u00eda restringida, lo que causa un bajo impacto en la confidencialidad de la aplicaci\u00f3n."}], "id": "CVE-2024-41736", "lastModified": "2024-09-12T13:51:42.727", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@sap.com", "type": "Secondary"}]}, "published": "2024-08-13T04:15:09.607", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3475427"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "cna@sap.com", "type": "Secondary"}]}