CVE-2024-21737: Code Injection vulnerability in SAP Application Interface Framework (File Adapter)
First published: Tue Jan 09 2024(Updated: )
In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on confidentiality, integrity and availability.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Application Interface Framework | =702 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-21737?
CVE-2024-21737 is classified as a high-severity vulnerability.
How do I fix CVE-2024-21737?
To fix CVE-2024-21737, apply the latest security patches provided by SAP for the Application Interface Framework.
Who is affected by CVE-2024-21737?
CVE-2024-21737 affects users of SAP Application Interface Framework version 702, particularly those with high privilege access.
What kind of actions can be performed due to CVE-2024-21737?
Exploiting CVE-2024-21737 allows a high privilege user to execute OS commands, leading to significant control over the application's behavior.
Is CVE-2024-21737 publicly available?
Yes, CVE-2024-21737 has been publicly reported and documented in vulnerability databases.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/weakness
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/description
- agent/tags
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/source
- vendor/sap
- canonical/sap application interface framework
- version/sap application interface framework/702