Platform
sap
Component
sap-fiori-front-end-server
Fixed in
605.0.1
CVE-2024-22133 is a security vulnerability affecting the SAP Fiori Front End Server. This flaw allows an attacker to modify approver details within the application, potentially leading to the creation of leave requests with incorrect approvers. The vulnerability impacts version 605 of the server and has been resolved in version 605.0.1.
The vulnerability in SAP Fiori Front End Server allows an attacker to manipulate the approver details associated with leave requests. This manipulation could result in requests being routed to unintended recipients, potentially bypassing approval workflows or leading to incorrect approvals. While the impact on availability is minimal, the compromise of confidentiality and integrity could have operational consequences, such as incorrect personnel management or unauthorized access to sensitive information. The attacker would need to exploit the application's input validation mechanisms to successfully alter the approver details. This vulnerability highlights the importance of robust input validation and access controls within enterprise applications.
CVE-2024-22133 was publicly disclosed on March 12, 2024. Currently, there is no indication of active exploitation or a public proof-of-concept. The vulnerability has not been added to the CISA KEV catalog. The CVSS score of 4.6 (Medium) suggests a moderate likelihood of exploitation if the vulnerability is exposed and accessible.
Organizations utilizing SAP Fiori Front End Server version 605, particularly those with complex leave request approval workflows, are at risk. Environments with limited access controls or inadequate input validation are especially vulnerable.
• linux / server:
journalctl -u fiori -g "leave request"
• generic web:
curl -I https://<fiori_server>/ | grep -i 'approver:'
Exploit Status
EPSS
0.36% (58th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-22133 is to upgrade the SAP Fiori Front End Server to version 605.0.1 or later. Before upgrading, it is recommended to review SAP's upgrade documentation and perform thorough testing in a non-production environment to ensure compatibility and avoid any disruption to business operations. If an immediate upgrade is not feasible, consider implementing stricter access controls and input validation rules within the application to limit the potential for manipulation. Monitor application logs for any suspicious activity related to leave request approvals.
Update SAP Fiori Front End Server to a version later than 605 that contains the fix for this issue. See SAP Note 3417399 for more details and specific upgrade instructions.
CVE-2024-22133 is a medium-severity vulnerability in SAP Fiori Front End Server version 605 that allows alteration of approver details on leave requests, potentially impacting confidentiality and integrity.
You are affected if you are running SAP Fiori Front End Server version 605. Upgrade to version 605.0.1 or later to mitigate the risk.
Upgrade to SAP Fiori Front End Server version 605.0.1 or later. Review SAP's upgrade documentation and test thoroughly before applying the update.
There is currently no indication of active exploitation or a public proof-of-concept for CVE-2024-22133.
Refer to the official SAP Security Notes for details and further information: [https://www.sap.com/security/bulletins.html](https://www.sap.com/security/bulletins.html)