Search
Find a vulnerability
Search criteria
2 vulnerabilities found for SAP Global Label Management (GLM) by SAP_SE
CVE-2024-33009 (GCVE-0-2024-33009)
Vulnerability from nvd – Published: 2024-05-14 03:58 – Updated: 2024-08-02 02:27
VLAI
EPSS
VEX
Title
SQL injection vulnerability in SAP Global Label Management (GLM)
Summary
SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the application.
Severity
4.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Assigner
References
2 references
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| SAP_SE | SAP Global Label Management (GLM) |
Affected:
605
Affected: 606 Affected: 616 Affected: 617 |
|
| sap | global_label_management |
Affected:
605
cpe:2.3:a:sap:global_label_management:605:*:*:*:*:*:*:* |
|
| sap | global_label_management |
Affected:
606
cpe:2.3:a:sap:global_label_management:606:*:*:*:*:*:*:* |
|
| sap | global_label_management |
Affected:
616
cpe:2.3:a:sap:global_label_management:616:*:*:*:*:*:*:* |
|
| sap | global_label_management |
Affected:
617
cpe:2.3:a:sap:global_label_management:617:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sap:global_label_management:605:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "global_label_management",
"vendor": "sap",
"versions": [
{
"status": "affected",
"version": "605"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap:global_label_management:606:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "global_label_management",
"vendor": "sap",
"versions": [
{
"status": "affected",
"version": "606"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap:global_label_management:616:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "global_label_management",
"vendor": "sap",
"versions": [
{
"status": "affected",
"version": "616"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap:global_label_management:617:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "global_label_management",
"vendor": "sap",
"versions": [
{
"status": "affected",
"version": "617"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33009",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T14:47:33.848687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:44:54.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:27:53.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://me.sap.com/notes/1938764"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP Global Label Management (GLM)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "605"
},
{
"status": "affected",
"version": "606"
},
{
"status": "affected",
"version": "616"
},
{
"status": "affected",
"version": "617"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the application."
}
],
"value": "SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T03:58:53.953Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/1938764"
},
{
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL injection vulnerability in SAP Global Label Management (GLM)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-33009",
"datePublished": "2024-05-14T03:58:53.953Z",
"dateReserved": "2024-04-23T04:04:25.522Z",
"dateUpdated": "2024-08-02T02:27:53.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33009 (GCVE-0-2024-33009)
Vulnerability from cvelistv5 – Published: 2024-05-14 03:58 – Updated: 2024-08-02 02:27
VLAI
EPSS
VEX
Title
SQL injection vulnerability in SAP Global Label Management (GLM)
Summary
SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the application.
Severity
4.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Assigner
References
2 references
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| SAP_SE | SAP Global Label Management (GLM) |
Affected:
605
Affected: 606 Affected: 616 Affected: 617 |
|
| sap | global_label_management |
Affected:
605
cpe:2.3:a:sap:global_label_management:605:*:*:*:*:*:*:* |
|
| sap | global_label_management |
Affected:
606
cpe:2.3:a:sap:global_label_management:606:*:*:*:*:*:*:* |
|
| sap | global_label_management |
Affected:
616
cpe:2.3:a:sap:global_label_management:616:*:*:*:*:*:*:* |
|
| sap | global_label_management |
Affected:
617
cpe:2.3:a:sap:global_label_management:617:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sap:global_label_management:605:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "global_label_management",
"vendor": "sap",
"versions": [
{
"status": "affected",
"version": "605"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap:global_label_management:606:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "global_label_management",
"vendor": "sap",
"versions": [
{
"status": "affected",
"version": "606"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap:global_label_management:616:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "global_label_management",
"vendor": "sap",
"versions": [
{
"status": "affected",
"version": "616"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap:global_label_management:617:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "global_label_management",
"vendor": "sap",
"versions": [
{
"status": "affected",
"version": "617"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33009",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T14:47:33.848687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:44:54.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:27:53.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://me.sap.com/notes/1938764"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP Global Label Management (GLM)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "605"
},
{
"status": "affected",
"version": "606"
},
{
"status": "affected",
"version": "616"
},
{
"status": "affected",
"version": "617"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the application."
}
],
"value": "SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T03:58:53.953Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/1938764"
},
{
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL injection vulnerability in SAP Global Label Management (GLM)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-33009",
"datePublished": "2024-05-14T03:58:53.953Z",
"dateReserved": "2024-04-23T04:04:25.522Z",
"dateUpdated": "2024-08-02T02:27:53.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}