Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for SAP BW/4HANA Transformation and Data Transfer Process by SAP_SE

    CVE-2024-37176 (GCVE-0-2024-37176)

    Vulnerability from nvd – Published: 2024-06-11 02:14 – Updated: 2024-08-02 03:50
    VLAI
    Title
    Missing Authorization check in SAP BW/4HANA Transformation and DTP
    Summary
    SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low impacts on the integrity and availability of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP BW/4HANA Transformation and Data Transfer Process Affected: DW4CORE 200
    Affected: 300
    Affected: 400
    Affected: 796
    Affected: SAP_BW 740
    Affected: 750
    Affected: 751
    Affected: 752
    Affected: 753
    Affected: 754
    Affected: 755
    Affected: 756
    Affected: 757
    Affected: 758
    Create a notification for this product.
    sap_se sap_bw_4hana Affected: dw4core200
        cpe:2.3:a:sap_se:sap_bw_4hana:dw4core200:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw_4hana Affected: 300
        cpe:2.3:a:sap_se:sap_bw_4hana:300:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw_4hana Affected: 400
        cpe:2.3:a:sap_se:sap_bw_4hana:400:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw_4hana Affected: 796
        cpe:2.3:a:sap_se:sap_bw_4hana:796:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw_4hana Affected: sap_bw_740
        cpe:2.3:a:sap_se:sap_bw_4hana:sap_bw_740:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw Affected: 750
        cpe:2.3:a:sap_se:sap_bw:750:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw Affected: 751
        cpe:2.3:a:sap_se:sap_bw:751:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw Affected: 752
        cpe:2.3:a:sap_se:sap_bw:752:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw Affected: 753
        cpe:2.3:a:sap_se:sap_bw:753:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw Affected: 754
        cpe:2.3:a:sap_se:sap_bw:754:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw Affected: 755
        cpe:2.3:a:sap_se:sap_bw:755:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw Affected: 756
        cpe:2.3:a:sap_se:sap_bw:756:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw Affected: 757
        cpe:2.3:a:sap_se:sap_bw:757:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw Affected: 758
        cpe:2.3:a:sap_se:sap_bw:758:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw_4hana:dw4core200:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw_4hana",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "dw4core200"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw_4hana:300:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw_4hana",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "300"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw_4hana:400:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw_4hana",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "400"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw_4hana:796:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw_4hana",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "796"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw_4hana:sap_bw_740:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw_4hana",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "sap_bw_740"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw:750:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "750"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw:751:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "751"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw:752:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "752"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw:753:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "753"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw:754:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "754"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw:755:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "755"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw:756:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "756"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw:757:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "757"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw:758:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "758"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37176",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-11T13:51:16.715875Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-11T14:16:58.729Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:50:54.783Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3465455"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP BW/4HANA Transformation and Data Transfer Process",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "DW4CORE 200"
                },
                {
                  "status": "affected",
                  "version": "300"
                },
                {
                  "status": "affected",
                  "version": "400"
                },
                {
                  "status": "affected",
                  "version": "796"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 740"
                },
                {
                  "status": "affected",
                  "version": "750"
                },
                {
                  "status": "affected",
                  "version": "751"
                },
                {
                  "status": "affected",
                  "version": "752"
                },
                {
                  "status": "affected",
                  "version": "753"
                },
                {
                  "status": "affected",
                  "version": "754"
                },
                {
                  "status": "affected",
                  "version": "755"
                },
                {
                  "status": "affected",
                  "version": "756"
                },
                {
                  "status": "affected",
                  "version": "757"
                },
                {
                  "status": "affected",
                  "version": "758"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SAP BW/4HANA Transformation and Data Transfer\nProcess (DTP) allows an authenticated attacker to gain higher access levels\nthan they should have by exploiting improper authorization checks. This results\nin escalation of privileges. It has no impact on the confidentiality of data\nbut may have low impacts on the integrity and availability of the application.\n\n\n\n"
                }
              ],
              "value": "SAP BW/4HANA Transformation and Data Transfer\nProcess (DTP) allows an authenticated attacker to gain higher access levels\nthan they should have by exploiting improper authorization checks. This results\nin escalation of privileges. It has no impact on the confidentiality of data\nbut may have low impacts on the integrity and availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-11T02:14:45.656Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3465455"
            },
            {
              "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization check in SAP BW/4HANA Transformation and DTP",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-37176",
        "datePublished": "2024-06-11T02:14:45.656Z",
        "dateReserved": "2024-06-04T07:49:42.492Z",
        "dateUpdated": "2024-08-02T03:50:54.783Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37176 (GCVE-0-2024-37176)

    Vulnerability from cvelistv5 – Published: 2024-06-11 02:14 – Updated: 2024-08-02 03:50
    VLAI
    Title
    Missing Authorization check in SAP BW/4HANA Transformation and DTP
    Summary
    SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low impacts on the integrity and availability of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP BW/4HANA Transformation and Data Transfer Process Affected: DW4CORE 200
    Affected: 300
    Affected: 400
    Affected: 796
    Affected: SAP_BW 740
    Affected: 750
    Affected: 751
    Affected: 752
    Affected: 753
    Affected: 754
    Affected: 755
    Affected: 756
    Affected: 757
    Affected: 758
    Create a notification for this product.
    sap_se sap_bw_4hana Affected: dw4core200
        cpe:2.3:a:sap_se:sap_bw_4hana:dw4core200:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw_4hana Affected: 300
        cpe:2.3:a:sap_se:sap_bw_4hana:300:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw_4hana Affected: 400
        cpe:2.3:a:sap_se:sap_bw_4hana:400:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw_4hana Affected: 796
        cpe:2.3:a:sap_se:sap_bw_4hana:796:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw_4hana Affected: sap_bw_740
        cpe:2.3:a:sap_se:sap_bw_4hana:sap_bw_740:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw Affected: 750
        cpe:2.3:a:sap_se:sap_bw:750:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw Affected: 751
        cpe:2.3:a:sap_se:sap_bw:751:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw Affected: 752
        cpe:2.3:a:sap_se:sap_bw:752:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw Affected: 753
        cpe:2.3:a:sap_se:sap_bw:753:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw Affected: 754
        cpe:2.3:a:sap_se:sap_bw:754:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw Affected: 755
        cpe:2.3:a:sap_se:sap_bw:755:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw Affected: 756
        cpe:2.3:a:sap_se:sap_bw:756:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw Affected: 757
        cpe:2.3:a:sap_se:sap_bw:757:*:*:*:*:*:*:*
    Create a notification for this product.
    sap_se sap_bw Affected: 758
        cpe:2.3:a:sap_se:sap_bw:758:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw_4hana:dw4core200:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw_4hana",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "dw4core200"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw_4hana:300:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw_4hana",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "300"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw_4hana:400:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw_4hana",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "400"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw_4hana:796:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw_4hana",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "796"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw_4hana:sap_bw_740:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw_4hana",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "sap_bw_740"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw:750:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "750"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw:751:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "751"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw:752:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "752"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw:753:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "753"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw:754:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "754"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw:755:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "755"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw:756:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "756"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw:757:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "757"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_bw:758:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_bw",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "758"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37176",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-11T13:51:16.715875Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-11T14:16:58.729Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:50:54.783Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3465455"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP BW/4HANA Transformation and Data Transfer Process",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "DW4CORE 200"
                },
                {
                  "status": "affected",
                  "version": "300"
                },
                {
                  "status": "affected",
                  "version": "400"
                },
                {
                  "status": "affected",
                  "version": "796"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 740"
                },
                {
                  "status": "affected",
                  "version": "750"
                },
                {
                  "status": "affected",
                  "version": "751"
                },
                {
                  "status": "affected",
                  "version": "752"
                },
                {
                  "status": "affected",
                  "version": "753"
                },
                {
                  "status": "affected",
                  "version": "754"
                },
                {
                  "status": "affected",
                  "version": "755"
                },
                {
                  "status": "affected",
                  "version": "756"
                },
                {
                  "status": "affected",
                  "version": "757"
                },
                {
                  "status": "affected",
                  "version": "758"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SAP BW/4HANA Transformation and Data Transfer\nProcess (DTP) allows an authenticated attacker to gain higher access levels\nthan they should have by exploiting improper authorization checks. This results\nin escalation of privileges. It has no impact on the confidentiality of data\nbut may have low impacts on the integrity and availability of the application.\n\n\n\n"
                }
              ],
              "value": "SAP BW/4HANA Transformation and Data Transfer\nProcess (DTP) allows an authenticated attacker to gain higher access levels\nthan they should have by exploiting improper authorization checks. This results\nin escalation of privileges. It has no impact on the confidentiality of data\nbut may have low impacts on the integrity and availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-11T02:14:45.656Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3465455"
            },
            {
              "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization check in SAP BW/4HANA Transformation and DTP",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-37176",
        "datePublished": "2024-06-11T02:14:45.656Z",
        "dateReserved": "2024-06-04T07:49:42.492Z",
        "dateUpdated": "2024-08-02T03:50:54.783Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }