CVE-2024-47576

LOW

SAP Product Lifecycle Costing Client <4.7.1 - Command Injection

Title source: llm

Description

SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious one, that could execute commands as being part of SAP Product Lifecycle Costing Client Application. On a successful attack, it can cause a low impact to confidentiality but no impact to the integrity and availability of the application.

References (2)

[Vendor Advisory] https://url.sap/sapsecuritypatchday

[Vendor Advisory] https://me.sap.com/notes/3504847

Scores

CVSS v3 3.3

EPSS 0.0002

EPSS Percentile 6.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-427

Status draft

Timeline

Published Dec 10, 2024

Tracked Since Feb 18, 2026