Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for SAP Global Label Management (GLM) by SAP_SE

    CVE-2024-33009 (GCVE-0-2024-33009)

    Vulnerability from nvd – Published: 2024-05-14 03:58 – Updated: 2024-08-02 02:27
    VLAI
    Title
    SQL injection vulnerability in SAP Global Label Management (GLM)
    Summary
    SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Global Label Management (GLM) Affected: 605
    Affected: 606
    Affected: 616
    Affected: 617
    Create a notification for this product.
    sap global_label_management Affected: 605
        cpe:2.3:a:sap:global_label_management:605:*:*:*:*:*:*:*
    Create a notification for this product.
    sap global_label_management Affected: 606
        cpe:2.3:a:sap:global_label_management:606:*:*:*:*:*:*:*
    Create a notification for this product.
    sap global_label_management Affected: 616
        cpe:2.3:a:sap:global_label_management:616:*:*:*:*:*:*:*
    Create a notification for this product.
    sap global_label_management Affected: 617
        cpe:2.3:a:sap:global_label_management:617:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sap:global_label_management:605:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_label_management",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "605"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap:global_label_management:606:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_label_management",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "606"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap:global_label_management:616:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_label_management",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "616"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap:global_label_management:617:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_label_management",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "617"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-33009",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-14T14:47:33.848687Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:44:54.956Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:27:53.583Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/1938764"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Global Label Management (GLM)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "605"
                },
                {
                  "status": "affected",
                  "version": "606"
                },
                {
                  "status": "affected",
                  "version": "616"
                },
                {
                  "status": "affected",
                  "version": "617"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the application."
                }
              ],
              "value": "SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-14T03:58:53.953Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/1938764"
            },
            {
              "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SQL injection vulnerability in SAP Global Label Management (GLM)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-33009",
        "datePublished": "2024-05-14T03:58:53.953Z",
        "dateReserved": "2024-04-23T04:04:25.522Z",
        "dateUpdated": "2024-08-02T02:27:53.583Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-33009 (GCVE-0-2024-33009)

    Vulnerability from cvelistv5 – Published: 2024-05-14 03:58 – Updated: 2024-08-02 02:27
    VLAI
    Title
    SQL injection vulnerability in SAP Global Label Management (GLM)
    Summary
    SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Global Label Management (GLM) Affected: 605
    Affected: 606
    Affected: 616
    Affected: 617
    Create a notification for this product.
    sap global_label_management Affected: 605
        cpe:2.3:a:sap:global_label_management:605:*:*:*:*:*:*:*
    Create a notification for this product.
    sap global_label_management Affected: 606
        cpe:2.3:a:sap:global_label_management:606:*:*:*:*:*:*:*
    Create a notification for this product.
    sap global_label_management Affected: 616
        cpe:2.3:a:sap:global_label_management:616:*:*:*:*:*:*:*
    Create a notification for this product.
    sap global_label_management Affected: 617
        cpe:2.3:a:sap:global_label_management:617:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sap:global_label_management:605:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_label_management",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "605"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap:global_label_management:606:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_label_management",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "606"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap:global_label_management:616:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_label_management",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "616"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap:global_label_management:617:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_label_management",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "617"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-33009",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-14T14:47:33.848687Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:44:54.956Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:27:53.583Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/1938764"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Global Label Management (GLM)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "605"
                },
                {
                  "status": "affected",
                  "version": "606"
                },
                {
                  "status": "affected",
                  "version": "616"
                },
                {
                  "status": "affected",
                  "version": "617"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the application."
                }
              ],
              "value": "SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-14T03:58:53.953Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/1938764"
            },
            {
              "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SQL injection vulnerability in SAP Global Label Management (GLM)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-33009",
        "datePublished": "2024-05-14T03:58:53.953Z",
        "dateReserved": "2024-04-23T04:04:25.522Z",
        "dateUpdated": "2024-08-02T02:27:53.583Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }