{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45285", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2024-08-26T10:39:20.933Z", "datePublished": "2024-09-10T04:59:01.937Z", "dateUpdated": "2024-09-10T13:41:26.018Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP NetWeaver Application Server for ABAP and ABAP Platform", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "700"}, {"status": "affected", "version": "701"}, {"status": "affected", "version": "702"}, {"status": "affected", "version": "731"}, {"status": "affected", "version": "740"}, {"status": "affected", "version": "750"}, {"status": "affected", "version": "751"}, {"status": "affected", "version": "752"}, {"status": "affected", "version": "753"}, {"status": "affected", "version": "754"}, {"status": "affected", "version": "755"}, {"status": "affected", "version": "756"}, {"status": "affected", "version": "757"}, {"status": "affected", "version": "758"}, {"status": "affected", "version": "912"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any functionality of SAP GUI. There is low impact on integrity and availability of the application.</p>"}], "value": "The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any functionality of SAP GUI. There is low impact on integrity and availability of the application."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-09-10T04:59:01.937Z"}, "references": [{"url": "https://me.sap.com/notes/3488039"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-10T13:40:57.518102Z", "id": "CVE-2024-45285", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-10T13:41:26.018Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45285", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T13:40:57.518102Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-10T13:41:19.932Z"}}], "cna": {"title": "Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP NetWeaver Application Server for ABAP and ABAP Platform", "versions": [{"status": "affected", "version": "700"}, {"status": "affected", "version": "701"}, {"status": "affected", "version": "702"}, {"status": "affected", "version": "731"}, {"status": "affected", "version": "740"}, {"status": "affected", "version": "750"}, {"status": "affected", "version": "751"}, {"status": "affected", "version": "752"}, {"status": "affected", "version": "753"}, {"status": "affected", "version": "754"}, {"status": "affected", "version": "755"}, {"status": "affected", "version": "756"}, {"status": "affected", "version": "757"}, {"status": "affected", "version": "758"}, {"status": "affected", "version": "912"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3488039"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any functionality of SAP GUI. There is low impact on integrity and availability of the application.", "supportingMedia": [{"type": "text/html", "value": "<p>The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any functionality of SAP GUI. There is low impact on integrity and availability of the application.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-09-10T04:59:01.937Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45285", "state": "PUBLISHED", "dateUpdated": "2024-09-10T13:41:26.018Z", "dateReserved": "2024-08-26T10:39:20.933Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2024-09-10T04:59:01.937Z", "assignerShortName": "sap"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any functionality of SAP GUI. There is low impact on integrity and availability of the application."}, {"lang": "es", "value": "El m\u00f3dulo de funci\u00f3n habilitado para RFC permite que un usuario con pocos privilegios realice una denegaci\u00f3n de servicio a cualquier usuario y tambi\u00e9n cambie o elimine nodos favoritos. Al enviar un paquete manipulado en el m\u00f3dulo de funci\u00f3n dirigido a par\u00e1metros espec\u00edficos, el usuario objetivo espec\u00edfico ya no tendr\u00e1 acceso a ninguna funcionalidad de SAP GUI. El impacto en la integridad y disponibilidad de la aplicaci\u00f3n es bajo."}], "id": "CVE-2024-45285", "lastModified": "2024-09-10T12:09:50.377", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "cna@sap.com", "type": "Secondary"}]}, "published": "2024-09-10T05:15:12.590", "references": [{"source": "cna@sap.com", "url": "https://me.sap.com/notes/3488039"}, {"source": "cna@sap.com", "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "cna@sap.com", "type": "Primary"}]}

{}