{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T19:47:51.291","vulnerabilities":[{"cve":{"id":"CVE-2024-21737","sourceIdentifier":"cna@sap.com","published":"2024-01-09T02:15:45.823","lastModified":"2024-11-21T08:54:54.557","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on confidentiality, integrity and availability.\n\n"},{"lang":"es","value":"En SAP Application Interface Framework File Adapter, versión 702, un usuario con privilegios elevados puede utilizar un módulo de funciones para atravesar varias capas y ejecutar comandos del sistema operativo directamente. De esta forma, dicho usuario puede controlar el comportamiento de la aplicación. Esto tiene un impacto considerable en la confidencialidad, la integridad y la disponibilidad."}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.7,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}]},"weaknesses":[{"source":"cna@sap.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:application_interface_framework:702:*:*:*:*:*:*:*","matchCriteriaId":"30146C01-CD00-4100-BB51-7ADD88F69A64"}]}]}],"references":[{"url":"https://me.sap.com/notes/3411869","source":"cna@sap.com","tags":["Permissions Required"]},{"url":"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html","source":"cna@sap.com","tags":["Vendor Advisory"]},{"url":"https://me.sap.com/notes/3411869","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]},{"url":"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}