Sign-up

ID

VAR-202401-1823


CVE

CVE-2024-22124


TITLE

SAP  of  SAP NetWeaver  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-001591

DESCRIPTION

Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22_EXT, WEBDISP 7.22_EXT, WEBDISP 7.53, WEBDISP 7.54, could allow an attacker to access information which would otherwise be restricted causing high impact on confidentiality. SAP of SAP NetWeaver Exists in unspecified vulnerabilities.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2024-22124 // JVNDB: JVNDB-2024-001591

AFFECTED PRODUCTS

vendor:sapmodel:netweaverscope:eqversion:krnl64nuc_7.22ext

Trust: 1.0

vendor:sapmodel:netweaverscope:eqversion:kernel_7.22

Trust: 1.0

vendor:sapmodel:netweaverscope:eqversion:webdisp_7.54

Trust: 1.0

vendor:sapmodel:netweaverscope:eqversion:kernel_7.53

Trust: 1.0

vendor:sapmodel:netweaverscope:eqversion:kernel_7.54

Trust: 1.0

vendor:sapmodel:netweaverscope:eqversion:webdisp_7.22ext

Trust: 1.0

vendor:sapmodel:netweaverscope:eqversion:webdisp_7.53

Trust: 1.0

vendor:sapmodel:netweaverscope:eqversion:krnl64uc_7.22ext

Trust: 1.0

vendor:sapmodel:netweaverscope:eqversion:krnl64uc_7.53

Trust: 1.0

vendor:sapmodel:netweaverscope:eqversion:krnl64nuc_7.22

Trust: 1.0

vendor:sapmodel:netweaverscope:eqversion:kernel 7.53

Trust: 0.8

vendor:sapmodel:netweaverscope:eqversion:krnl64nuc 7.22ext

Trust: 0.8

vendor:sapmodel:netweaverscope:eqversion: -

Trust: 0.8

vendor:sapmodel:netweaverscope:eqversion:webdisp 7.22ext

Trust: 0.8

vendor:sapmodel:netweaverscope:eqversion:krnl64nuc 7.22

Trust: 0.8

vendor:sapmodel:netweaverscope:eqversion:webdisp 7.54

Trust: 0.8

vendor:sapmodel:netweaverscope:eqversion:kernel 7.22

Trust: 0.8

vendor:sapmodel:netweaverscope:eqversion:krnl64uc 7.22ext

Trust: 0.8

vendor:sapmodel:netweaverscope: - version: -

Trust: 0.8

vendor:sapmodel:netweaverscope:eqversion:webdisp 7.53

Trust: 0.8

vendor:sapmodel:netweaverscope:eqversion:kernel 7.54

Trust: 0.8

vendor:sapmodel:netweaverscope:eqversion:krnl64uc 7.53

Trust: 0.8

sources: JVNDB: JVNDB-2024-001591 // NVD: CVE-2024-22124

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-22124
value: HIGH

Trust: 1.0

cna@sap.com: CVE-2024-22124
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-22124
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2024-22124
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

cna@sap.com: CVE-2024-22124
baseSeverity: MEDIUM
baseScore: 4.1
vectorString: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.5
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-22124
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-001591 // NVD: CVE-2024-22124 // NVD: CVE-2024-22124

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-497

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-001591 // NVD: CVE-2024-22124

EXTERNAL IDS

db:NVDid:CVE-2024-22124

Trust: 2.6

db:JVNDBid:JVNDB-2024-001591

Trust: 0.8

sources: JVNDB: JVNDB-2024-001591 // NVD: CVE-2024-22124

REFERENCES

url:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Trust: 1.8

url:https://me.sap.com/notes/3392626

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-22124

Trust: 0.8

sources: JVNDB: JVNDB-2024-001591 // NVD: CVE-2024-22124

SOURCES

db:JVNDBid:JVNDB-2024-001591
db:NVDid:CVE-2024-22124

LAST UPDATE DATE

2024-08-14T13:41:14.650000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-001591date:2024-02-05T07:47:00
db:NVDid:CVE-2024-22124date:2024-01-22T19:17:13.050

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-001591date:2024-02-05T00:00:00
db:NVDid:CVE-2024-22124date:2024-01-09T02:15:46.207