CVE-2024-27901

Summary

SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a considerable impact on confidentiality, integrity and availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Asset AccountingSAP_APPL 600affected
SAP_SESAP Asset AccountingSAP_APPL 602affected
SAP_SESAP Asset AccountingSAP_APPL 603affected
SAP_SESAP Asset AccountingSAP_APPL 604affected
SAP_SESAP Asset AccountingSAP_APPL 605affected
SAP_SESAP Asset AccountingSAP_APPL 606affected
SAP_SESAP Asset AccountingSAP_FIN617affected
SAP_SESAP Asset AccountingSAP_FIN 618affected
SAP_SESAP Asset AccountingSAP_FIN700affected

Weaknesses

  • CWE-35: CWE-35: Path Traversal

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References