Platform
sap
Component
sap-fiori-front-end-server
Fixed in
605.0.1
CVE-2024-22133 is a security vulnerability affecting the SAP Fiori Front End Server. This flaw allows an attacker to modify approver details within the application, potentially leading to the creation of leave requests with incorrect approvers. The vulnerability impacts version 605 of the server and has been resolved in version 605.0.1.
The vulnerability in SAP Fiori Front End Server allows an attacker to manipulate the approver details associated with leave requests. This manipulation could result in requests being routed to unintended recipients, potentially bypassing approval workflows or leading to incorrect approvals. While the impact on availability is minimal, the compromise of confidentiality and integrity could have operational consequences, such as incorrect personnel management or unauthorized access to sensitive information. The attacker would need to exploit the application's input validation mechanisms to successfully alter the approver details. This vulnerability highlights the importance of robust input validation and access controls within enterprise applications.
CVE-2024-22133 was publicly disclosed on March 12, 2024. Currently, there is no indication of active exploitation or a public proof-of-concept. The vulnerability has not been added to the CISA KEV catalog. The CVSS score of 4.6 (Medium) suggests a moderate likelihood of exploitation if the vulnerability is exposed and accessible.
Exploit Status
EPSS
0.36% (58% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-22133 is to upgrade the SAP Fiori Front End Server to version 605.0.1 or later. Before upgrading, it is recommended to review SAP's upgrade documentation and perform thorough testing in a non-production environment to ensure compatibility and avoid any disruption to business operations. If an immediate upgrade is not feasible, consider implementing stricter access controls and input validation rules within the application to limit the potential for manipulation. Monitor application logs for any suspicious activity related to leave request approvals.
Update SAP Fiori Front End Server to a version later than 605 that contains the fix for this issue. Refer to SAP note 3417399 for more details and specific upgrade instructions.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-22133 is a medium-severity vulnerability in SAP Fiori Front End Server version 605 that allows alteration of approver details on leave requests, potentially impacting confidentiality and integrity.
You are affected if you are running SAP Fiori Front End Server version 605. Upgrade to version 605.0.1 or later to mitigate the risk.
Upgrade to SAP Fiori Front End Server version 605.0.1 or later. Review SAP's upgrade documentation and test thoroughly before applying the update.
There is currently no indication of active exploitation or a public proof-of-concept for CVE-2024-22133.
Refer to the official SAP Security Notes for details and further information: [https://www.sap.com/security/bulletins.html](https://www.sap.com/security/bulletins.html)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.