CVE-2024-22132
Last modified
CVE-2024-22132 is a medium-severity vulnerability rated 6.3/10 on the CVSS scale. SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user's choice.An attacker can therefore control the behaviour of the system by executing malicious code which can potentially escalate privileges with low impact on confidentiality, integrity and availability of the system. . EPSS estimates a 0.49% chance of exploitation in the next 30 days.
Description
SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user's choice.An attacker can therefore control the behaviour of the system by executing malicious code which can potentially escalate privileges with low impact on confidentiality, integrity and availability of the system.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sap | Ides Ecc | All versions |
References
- https://me.sap.com/notes/3421659Permissions Required
- https://me.sap.com/notes/3421659Permissions Required
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-22132?
How severe is CVE-2024-22132?
How do I fix CVE-2024-22132?
Are you affected by CVE-2024-22132?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST