{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-37176","assignerOrgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","state":"PUBLISHED","assignerShortName":"sap","dateReserved":"2024-06-04T07:49:42.492Z","datePublished":"2024-06-11T02:14:45.656Z","dateUpdated":"2024-08-02T03:50:54.783Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"SAP BW/4HANA Transformation and Data Transfer Process","vendor":"SAP_SE","versions":[{"status":"affected","version":"DW4CORE 200"},{"status":"affected","version":"300"},{"status":"affected","version":"400"},{"status":"affected","version":"796"},{"status":"affected","version":"SAP_BW 740"},{"status":"affected","version":"750"},{"status":"affected","version":"751"},{"status":"affected","version":"752"},{"status":"affected","version":"753"},{"status":"affected","version":"754"},{"status":"affected","version":"755"},{"status":"affected","version":"756"},{"status":"affected","version":"757"},{"status":"affected","version":"758"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"SAP BW/4HANA Transformation and Data Transfer\nProcess (DTP) allows an authenticated attacker to gain higher access levels\nthan they should have by exploiting improper authorization checks. This results\nin escalation of privileges. It has no impact on the confidentiality of data\nbut may have low impacts on the integrity and availability of the application.\n\n\n\n"}],"value":"SAP BW/4HANA Transformation and Data Transfer\nProcess (DTP) allows an authenticated attacker to gain higher access levels\nthan they should have by exploiting improper authorization checks. This results\nin escalation of privileges. It has no impact on the confidentiality of data\nbut may have low impacts on the integrity and availability of the application."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":5.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-862","description":"CWE-862: Missing Authorization","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","shortName":"sap","dateUpdated":"2024-06-11T02:14:45.656Z"},"references":[{"url":"https://me.sap.com/notes/3465455"},{"url":"https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"}],"source":{"discovery":"UNKNOWN"},"title":"Missing Authorization check in SAP BW/4HANA Transformation and DTP","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"affected":[{"vendor":"sap_se","product":"sap_bw_4hana","cpes":["cpe:2.3:a:sap_se:sap_bw_4hana:dw4core200:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"dw4core200","status":"affected"}]},{"vendor":"sap_se","product":"sap_bw_4hana","cpes":["cpe:2.3:a:sap_se:sap_bw_4hana:300:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"300","status":"affected"}]},{"vendor":"sap_se","product":"sap_bw_4hana","cpes":["cpe:2.3:a:sap_se:sap_bw_4hana:400:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"400","status":"affected"}]},{"vendor":"sap_se","product":"sap_bw_4hana","cpes":["cpe:2.3:a:sap_se:sap_bw_4hana:796:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"796","status":"affected"}]},{"vendor":"sap_se","product":"sap_bw_4hana","cpes":["cpe:2.3:a:sap_se:sap_bw_4hana:sap_bw_740:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"sap_bw_740","status":"affected"}]},{"vendor":"sap_se","product":"sap_bw","cpes":["cpe:2.3:a:sap_se:sap_bw:750:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"750","status":"affected"}]},{"vendor":"sap_se","product":"sap_bw","cpes":["cpe:2.3:a:sap_se:sap_bw:751:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"751","status":"affected"}]},{"vendor":"sap_se","product":"sap_bw","cpes":["cpe:2.3:a:sap_se:sap_bw:752:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"752","status":"affected"}]},{"vendor":"sap_se","product":"sap_bw","cpes":["cpe:2.3:a:sap_se:sap_bw:753:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"753","status":"affected"}]},{"vendor":"sap_se","product":"sap_bw","cpes":["cpe:2.3:a:sap_se:sap_bw:754:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"754","status":"affected"}]},{"vendor":"sap_se","product":"sap_bw","cpes":["cpe:2.3:a:sap_se:sap_bw:755:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"755","status":"affected"}]},{"vendor":"sap_se","product":"sap_bw","cpes":["cpe:2.3:a:sap_se:sap_bw:756:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"756","status":"affected"}]},{"vendor":"sap_se","product":"sap_bw","cpes":["cpe:2.3:a:sap_se:sap_bw:757:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"757","status":"affected"}]},{"vendor":"sap_se","product":"sap_bw","cpes":["cpe:2.3:a:sap_se:sap_bw:758:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"758","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-11T13:51:16.715875Z","id":"CVE-2024-37176","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-11T14:16:58.729Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T03:50:54.783Z"},"title":"CVE Program Container","references":[{"url":"https://me.sap.com/notes/3465455","tags":["x_transferred"]},{"url":"https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html","tags":["x_transferred"]}]}]}}