CVE-2024-33009

MEDIUM

SAP Global Label Management - SQL Injection

Title source: llm

Description

SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the application.

References (2)

Core 2

Core References

Vendor Advisory

https://me.sap.com/notes/1938764

Various Sources

https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html

Scores

CVSS v3 4.2

EPSS 0.0008

EPSS Percentile 24.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (4)

SAP_SE/SAP Global Label Management (GLM) 605

SAP_SE/SAP Global Label Management (GLM) 606

SAP_SE/SAP Global Label Management (GLM) 616

SAP_SE/SAP Global Label Management (GLM) 617

Published May 14, 2024

Tracked Since Feb 18, 2026