CVE-2024-37177

{"id": "CVE-2024-37177", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2024-06-11T02:15:09.243", "references": [{"url": "https://me.sap.com/notes/3457592", "source": "cna@sap.com"}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", "source": "cna@sap.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "SAP Financial Consolidation allows data to enter\na Web application through an untrusted source. These endpoints are exposed over\nthe network and it allows the user to modify the content from the web site. On\nsuccessful exploitation, an attacker can cause significant impact to\nconfidentiality and integrity of the application."}, {"lang": "es", "value": "SAP Financial Consolidation permite que los datos ingresen a una aplicaci\u00f3n web a trav\u00e9s de una fuente que no es de confianza. Estos endpoints est\u00e1n expuestos a trav\u00e9s de la red y permiten al usuario modificar el contenido del sitio web. Si la explotaci\u00f3n tiene \u00e9xito, un atacante puede causar un impacto significativo en la confidencialidad y la integridad de la aplicaci\u00f3n."}], "lastModified": "2024-06-11T13:54:12.057", "sourceIdentifier": "cna@sap.com"}