Search
Find a vulnerability
Search criteria
2 vulnerabilities found for SAP BW/4HANA Transformation and Data Transfer Process by SAP_SE
CVE-2024-37176 (GCVE-0-2024-37176)
Vulnerability from nvd – Published: 2024-06-11 02:14 – Updated: 2024-08-02 03:50
VLAI
Title
Missing Authorization check in SAP BW/4HANA Transformation and DTP
Summary
SAP BW/4HANA Transformation and Data Transfer
Process (DTP) allows an authenticated attacker to gain higher access levels
than they should have by exploiting improper authorization checks. This results
in escalation of privileges. It has no impact on the confidentiality of data
but may have low impacts on the integrity and availability of the application.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
Impacted products
15 products
| Vendor | Product | Version | |
|---|---|---|---|
| SAP_SE | SAP BW/4HANA Transformation and Data Transfer Process |
Affected:
DW4CORE 200
Affected: 300 Affected: 400 Affected: 796 Affected: SAP_BW 740 Affected: 750 Affected: 751 Affected: 752 Affected: 753 Affected: 754 Affected: 755 Affected: 756 Affected: 757 Affected: 758 |
|
| sap_se | sap_bw_4hana |
Affected:
dw4core200
cpe:2.3:a:sap_se:sap_bw_4hana:dw4core200:*:*:*:*:*:*:* |
|
| sap_se | sap_bw_4hana |
Affected:
300
cpe:2.3:a:sap_se:sap_bw_4hana:300:*:*:*:*:*:*:* |
|
| sap_se | sap_bw_4hana |
Affected:
400
cpe:2.3:a:sap_se:sap_bw_4hana:400:*:*:*:*:*:*:* |
|
| sap_se | sap_bw_4hana |
Affected:
796
cpe:2.3:a:sap_se:sap_bw_4hana:796:*:*:*:*:*:*:* |
|
| sap_se | sap_bw_4hana |
Affected:
sap_bw_740
cpe:2.3:a:sap_se:sap_bw_4hana:sap_bw_740:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
750
cpe:2.3:a:sap_se:sap_bw:750:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
751
cpe:2.3:a:sap_se:sap_bw:751:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
752
cpe:2.3:a:sap_se:sap_bw:752:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
753
cpe:2.3:a:sap_se:sap_bw:753:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
754
cpe:2.3:a:sap_se:sap_bw:754:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
755
cpe:2.3:a:sap_se:sap_bw:755:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
756
cpe:2.3:a:sap_se:sap_bw:756:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
757
cpe:2.3:a:sap_se:sap_bw:757:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
758
cpe:2.3:a:sap_se:sap_bw:758:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw_4hana:dw4core200:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw_4hana",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "dw4core200"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw_4hana:300:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw_4hana",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "300"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw_4hana:400:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw_4hana",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "400"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw_4hana:796:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw_4hana",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "796"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw_4hana:sap_bw_740:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw_4hana",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "sap_bw_740"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:750:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "750"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:751:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "751"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:752:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "752"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:753:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "753"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:754:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "754"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:755:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "755"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:756:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "756"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:757:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "757"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:758:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "758"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T13:51:16.715875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T14:16:58.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:50:54.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://me.sap.com/notes/3465455"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP BW/4HANA Transformation and Data Transfer Process",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "DW4CORE 200"
},
{
"status": "affected",
"version": "300"
},
{
"status": "affected",
"version": "400"
},
{
"status": "affected",
"version": "796"
},
{
"status": "affected",
"version": "SAP_BW 740"
},
{
"status": "affected",
"version": "750"
},
{
"status": "affected",
"version": "751"
},
{
"status": "affected",
"version": "752"
},
{
"status": "affected",
"version": "753"
},
{
"status": "affected",
"version": "754"
},
{
"status": "affected",
"version": "755"
},
{
"status": "affected",
"version": "756"
},
{
"status": "affected",
"version": "757"
},
{
"status": "affected",
"version": "758"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SAP BW/4HANA Transformation and Data Transfer\nProcess (DTP) allows an authenticated attacker to gain higher access levels\nthan they should have by exploiting improper authorization checks. This results\nin escalation of privileges. It has no impact on the confidentiality of data\nbut may have low impacts on the integrity and availability of the application.\n\n\n\n"
}
],
"value": "SAP BW/4HANA Transformation and Data Transfer\nProcess (DTP) allows an authenticated attacker to gain higher access levels\nthan they should have by exploiting improper authorization checks. This results\nin escalation of privileges. It has no impact on the confidentiality of data\nbut may have low impacts on the integrity and availability of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T02:14:45.656Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3465455"
},
{
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authorization check in SAP BW/4HANA Transformation and DTP",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-37176",
"datePublished": "2024-06-11T02:14:45.656Z",
"dateReserved": "2024-06-04T07:49:42.492Z",
"dateUpdated": "2024-08-02T03:50:54.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37176 (GCVE-0-2024-37176)
Vulnerability from cvelistv5 – Published: 2024-06-11 02:14 – Updated: 2024-08-02 03:50
VLAI
Title
Missing Authorization check in SAP BW/4HANA Transformation and DTP
Summary
SAP BW/4HANA Transformation and Data Transfer
Process (DTP) allows an authenticated attacker to gain higher access levels
than they should have by exploiting improper authorization checks. This results
in escalation of privileges. It has no impact on the confidentiality of data
but may have low impacts on the integrity and availability of the application.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
Impacted products
15 products
| Vendor | Product | Version | |
|---|---|---|---|
| SAP_SE | SAP BW/4HANA Transformation and Data Transfer Process |
Affected:
DW4CORE 200
Affected: 300 Affected: 400 Affected: 796 Affected: SAP_BW 740 Affected: 750 Affected: 751 Affected: 752 Affected: 753 Affected: 754 Affected: 755 Affected: 756 Affected: 757 Affected: 758 |
|
| sap_se | sap_bw_4hana |
Affected:
dw4core200
cpe:2.3:a:sap_se:sap_bw_4hana:dw4core200:*:*:*:*:*:*:* |
|
| sap_se | sap_bw_4hana |
Affected:
300
cpe:2.3:a:sap_se:sap_bw_4hana:300:*:*:*:*:*:*:* |
|
| sap_se | sap_bw_4hana |
Affected:
400
cpe:2.3:a:sap_se:sap_bw_4hana:400:*:*:*:*:*:*:* |
|
| sap_se | sap_bw_4hana |
Affected:
796
cpe:2.3:a:sap_se:sap_bw_4hana:796:*:*:*:*:*:*:* |
|
| sap_se | sap_bw_4hana |
Affected:
sap_bw_740
cpe:2.3:a:sap_se:sap_bw_4hana:sap_bw_740:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
750
cpe:2.3:a:sap_se:sap_bw:750:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
751
cpe:2.3:a:sap_se:sap_bw:751:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
752
cpe:2.3:a:sap_se:sap_bw:752:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
753
cpe:2.3:a:sap_se:sap_bw:753:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
754
cpe:2.3:a:sap_se:sap_bw:754:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
755
cpe:2.3:a:sap_se:sap_bw:755:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
756
cpe:2.3:a:sap_se:sap_bw:756:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
757
cpe:2.3:a:sap_se:sap_bw:757:*:*:*:*:*:*:* |
|
| sap_se | sap_bw |
Affected:
758
cpe:2.3:a:sap_se:sap_bw:758:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw_4hana:dw4core200:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw_4hana",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "dw4core200"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw_4hana:300:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw_4hana",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "300"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw_4hana:400:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw_4hana",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "400"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw_4hana:796:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw_4hana",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "796"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw_4hana:sap_bw_740:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw_4hana",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "sap_bw_740"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:750:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "750"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:751:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "751"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:752:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "752"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:753:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "753"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:754:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "754"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:755:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "755"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:756:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "756"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:757:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "757"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_bw:758:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_bw",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "758"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T13:51:16.715875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T14:16:58.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:50:54.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://me.sap.com/notes/3465455"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP BW/4HANA Transformation and Data Transfer Process",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "DW4CORE 200"
},
{
"status": "affected",
"version": "300"
},
{
"status": "affected",
"version": "400"
},
{
"status": "affected",
"version": "796"
},
{
"status": "affected",
"version": "SAP_BW 740"
},
{
"status": "affected",
"version": "750"
},
{
"status": "affected",
"version": "751"
},
{
"status": "affected",
"version": "752"
},
{
"status": "affected",
"version": "753"
},
{
"status": "affected",
"version": "754"
},
{
"status": "affected",
"version": "755"
},
{
"status": "affected",
"version": "756"
},
{
"status": "affected",
"version": "757"
},
{
"status": "affected",
"version": "758"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SAP BW/4HANA Transformation and Data Transfer\nProcess (DTP) allows an authenticated attacker to gain higher access levels\nthan they should have by exploiting improper authorization checks. This results\nin escalation of privileges. It has no impact on the confidentiality of data\nbut may have low impacts on the integrity and availability of the application.\n\n\n\n"
}
],
"value": "SAP BW/4HANA Transformation and Data Transfer\nProcess (DTP) allows an authenticated attacker to gain higher access levels\nthan they should have by exploiting improper authorization checks. This results\nin escalation of privileges. It has no impact on the confidentiality of data\nbut may have low impacts on the integrity and availability of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T02:14:45.656Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3465455"
},
{
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authorization check in SAP BW/4HANA Transformation and DTP",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-37176",
"datePublished": "2024-06-11T02:14:45.656Z",
"dateReserved": "2024-06-04T07:49:42.492Z",
"dateUpdated": "2024-08-02T03:50:54.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}