CVE-2024-21735

HIGH

SAP LT Replication Server S4CORE 103-108 - Incorrect Authorization

Title source: llm

Description

SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impact on confidentiality, integrity and availability of the system.

References (2)

Core 2

Core References

Permissions Required

https://me.sap.com/notes/3407617

Vendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Scores

CVSS v3 7.3

EPSS 0.0015

EPSS Percentile 34.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-863

Status published

Products (6)

sap/lt_replication_server s4core_103

sap/lt_replication_server s4core_104

sap/lt_replication_server s4core_105

sap/lt_replication_server s4core_106

sap/lt_replication_server s4core_107

sap/lt_replication_server s4core_108

Published Jan 09, 2024

Tracked Since Feb 18, 2026