CVE-2024-33009

SQL injection vulnerability in SAP Global Label Management (GLM)

CVSS 4.2 MEDIUMEPSS 0.3%CWE-89

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 4.2EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

14 May 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the application.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected products

SAP_SE · SAP Global Label Management (GLM)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://me.sap.com/notes/1938764 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html