CVE-2024-21737

HIGH

SAP Application Interface Framework File Adapter 702 - Authenticated OS Command Injection

Title source: llm

Description

In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on confidentiality, integrity and availability.

Scores

CVSS v3 8.4
EPSS 0.0022
EPSS Percentile 44.6%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-94
Status published
Products (1)
sap/application_interface_framework 702
Published Jan 09, 2024
Tracked Since Feb 18, 2026