CVE-2024-21735

{"id": "CVE-2024-21735", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.7}]}, "published": "2024-01-09T01:15:39.350", "references": [{"url": "https://me.sap.com/notes/3407617", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-863"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impact on confidentiality, integrity and availability of the system.\n\n"}, {"lang": "es", "value": "SAP LT Replication Server - versi\u00f3n S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, no realizan las comprobaciones de autorizaci\u00f3n necesarias. Esto podr\u00eda permitir que un atacante con altos privilegios realice acciones no deseadas, lo que resultar\u00eda en una escalada de privilegios, lo que tiene un alto impacto en la confidencialidad, la integridad y la disponibilidad del sistema."}], "lastModified": "2024-01-30T22:15:53.150", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:lt_replication_server:s4core_103:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B477DF53-4DBA-4F17-B852-FB004DF367E0"}, {"criteria": "cpe:2.3:a:sap:lt_replication_server:s4core_104:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3676498C-2D40-407F-B181-A81E71895A2C"}, {"criteria": "cpe:2.3:a:sap:lt_replication_server:s4core_105:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC7A55BD-B074-485E-BB85-283EE1A2D93F"}, {"criteria": "cpe:2.3:a:sap:lt_replication_server:s4core_106:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC139C41-C3D8-4481-8BDA-D5A12AC2AF39"}, {"criteria": "cpe:2.3:a:sap:lt_replication_server:s4core_107:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D287F22B-0F48-444B-A665-CCE8A7992FD3"}, {"criteria": "cpe:2.3:a:sap:lt_replication_server:s4core_108:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85C3C978-D865-49DE-AC63-7FC1FE3ECC00"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}