CVE-2024-21737: Code Injection vulnerability in SAP Application Interface Framework (File Adapter)
First published: Tue Jan 09 2024(Updated: )
In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on confidentiality, integrity and availability.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Application Interface Framework | =702 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/weakness
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- collector/epss-latest
- source/FIRST
- agent/tags
- agent/description
- agent/epss
- vendor/sap
- canonical/sap application interface framework
- version/sap application interface framework/702