CVE-2024-22132: Code Injection vulnerability in SAP IDES Systems
First published: Tue Feb 13 2024(Updated: )
SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user's choice.An attacker can therefore control the behaviour of the system by executing malicious code which can potentially escalate privileges with low impact on confidentiality, integrity and availability of the system.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP IDES ECC |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-22132?
The severity of CVE-2024-22132 is categorized as low due to its minimal impact on confidentiality, integrity, and availability.
How do I fix CVE-2024-22132?
To mitigate CVE-2024-22132, SAP recommends applying the latest security patches and updates to the IDES ECC system.
What type of attack is possible with CVE-2024-22132?
CVE-2024-22132 allows an attacker to execute arbitrary program code, potentially leading to privilege escalation.
Which systems are affected by CVE-2024-22132?
CVE-2024-22132 affects SAP IDES ECC systems specifically.
What is the potential impact of exploiting CVE-2024-22132?
Exploitation of CVE-2024-22132 allows attackers to control the system behavior with low impact on data confidentiality and integrity.
- agent/author
- agent/references
- agent/weakness
- agent/title
- agent/type
- agent/first-publish-date
- agent/description
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/sap
- canonical/sap ides ecc