CVE-2024-21738 - Vulnerability Details

Vendors	Products
Sap	Netweaver Application Server Abap

Link	Providers
https://me.sap.com/notes/3387737
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21738", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2024-01-01T10:54:59.645Z", "datePublished": "2024-01-09T01:19:29.437Z", "dateUpdated": "2024-08-01T22:27:35.894Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP NetWeaver ABAP Application Server and ABAP Platform", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "SAP_BASIS 700"}, {"status": "affected", "version": "SAP_BASIS 701"}, {"status": "affected", "version": "SAP_BASIS 702"}, {"status": "affected", "version": "SAP_BASIS 731"}, {"status": "affected", "version": "SAP_BASIS 740"}, {"status": "affected", "version": "SAP_BASIS 750"}, {"status": "affected", "version": "SAP_BASIS 751"}, {"status": "affected", "version": "SAP_BASIS 752"}, {"status": "affected", "version": "SAP_BASIS 753"}, {"status": "affected", "version": "SAP_BASIS 754"}, {"status": "affected", "version": "SAP_BASIS 755"}, {"status": "affected", "version": "SAP_BASIS 756"}, {"status": "affected", "version": "SAP_BASIS 757"}, {"status": "affected", "version": "SAP_BASIS 758"}, {"status": "affected", "version": "SAP_BASIS 793"}, {"status": "affected", "version": "SAP_BASIS 794"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\u00a0An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation.</p>"}], "value": "SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\u00a0An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-01-09T01:19:29.437Z"}, "references": [{"url": "https://me.sap.com/notes/3387737"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Application Server and ABAP Platform", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:35.894Z"}, "title": "CVE Program Container", "references": [{"url": "https://me.sap.com/notes/3387737", "tags": ["x_transferred"]}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["x_transferred"]}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-21738 (string)

assignerOrgId : e4686d1a-f260-4930-ac4c-2f5c992778dd (string)

state : PUBLISHED (string)

assignerShortName : sap (string)

dateReserved : 2024-01-01T10:54:59.645Z (string)

datePublished : 2024-01-09T01:19:29.437Z (string)

dateUpdated : 2024-08-01T22:27:35.894Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

defaultStatus : unaffected (string)

product : SAP NetWeaver ABAP Application Server and ABAP Platform (string)

vendor : SAP_SE (string)

versions : [ »

0 : { »

status : affected (string)

version : SAP_BASIS 700 (string)

}

1 : { »

status : affected (string)

version : SAP_BASIS 701 (string)

}

2 : { »

status : affected (string)

version : SAP_BASIS 702 (string)

}

3 : { »

status : affected (string)

version : SAP_BASIS 731 (string)

}

4 : { »

status : affected (string)

version : SAP_BASIS 740 (string)

}

5 : { »

status : affected (string)

version : SAP_BASIS 750 (string)

}

6 : { »

status : affected (string)

version : SAP_BASIS 751 (string)

}

7 : { »

status : affected (string)

version : SAP_BASIS 752 (string)

}

8 : { »

status : affected (string)

version : SAP_BASIS 753 (string)

}

9 : { »

status : affected (string)

version : SAP_BASIS 754 (string)

}

10 : { »

status : affected (string)

version : SAP_BASIS 755 (string)

}

11 : { »

status : affected (string)

version : SAP_BASIS 756 (string)

}

12 : { »

status : affected (string)

version : SAP_BASIS 757 (string)

}

13 : { »

status : affected (string)

version : SAP_BASIS 758 (string)

}

14 : { »

status : affected (string)

version : SAP_BASIS 793 (string)

}

15 : { »

status : affected (string)

version : SAP_BASIS 794 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : <p>SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation.</p> (string)

}

]

value : SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4.1 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N (string)

version : 3.1 (string)

}

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-79 (string)

description : CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (string)

lang : eng (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

orgId : e4686d1a-f260-4930-ac4c-2f5c992778dd (string)

shortName : sap (string)

dateUpdated : 2024-01-09T01:19:29.437Z (string)

}

references : [ »

0 : { »

url : https://me.sap.com/notes/3387737 (string)

}

1 : { »

url : https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (string)

}

]

source : { »

discovery : UNKNOWN (string)

}

title : Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Application Server and ABAP Platform (string)

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-01T22:27:35.894Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://me.sap.com/notes/3387737 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

]

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:79:*:*:*:sap_basis:*:*:*", "matchCriteriaId": "7E795D39-9D29-4CFC-BDB7-5E990A386647", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:sap_basis:*:*:*", "matchCriteriaId": "6F048ED9-2DDF-4EB9-8571-73832AFABF6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:sap_basis:*:*:*", "matchCriteriaId": "C37DC475-6B9A-493C-9A6F-28CDD65D2A5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:sap_basis:*:*:*", "matchCriteriaId": "2BD9FE51-F76C-439A-A3C0-5279EC1059F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:sap_basis:*:*:*", "matchCriteriaId": "4EB54432-0E1A-45F2-BEE1-8DC28FAADA9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:sap_basis:*:*:*", "matchCriteriaId": "8E96C58C-ED44-487B-A67E-FDAE3C29023A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:sap_basis:*:*:*", "matchCriteriaId": "A14DF5EB-B8CE-4A47-9959-2F65A5DCEF5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:sap_basis:*:*:*", "matchCriteriaId": "3E0CA53D-4335-4872-B527-30802E31B893", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:sap_basis:*:*:*", "matchCriteriaId": "419BA423-0803-4F51-8889-014A521F02CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:sap_basis:*:*:*", "matchCriteriaId": "DA20ECDC-8807-462C-A0F0-70DF6F5A119B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:sap_basis:*:*:*", "matchCriteriaId": "800AAC21-325C-4F16-AE5A-9F89327E5356", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:sap_basis:*:*:*", "matchCriteriaId": "BDC15DB7-A95B-475F-AAA6-60A801F65690", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:sap_basis:*:*:*", "matchCriteriaId": "55A2FECF-A32E-4188-9563-E8BA0E952261", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:sap_basis:*:*:*", "matchCriteriaId": "9CBF2E53-17F0-4BF0-9C38-749C7E611BF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:758:*:*:*:sap_basis:*:*:*", "matchCriteriaId": "5160572B-E3AB-4B96-8950-07DDAFA0E4A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:793:*:*:*:sap_basis:*:*:*", "matchCriteriaId": "AB104F44-D209-41D3-AE25-A5A4A8CE3323", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\u00a0An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation.\n\n"}, {"lang": "es", "value": "SAP NetWeaver ABAP Application Server y ABAP Platform no codifican suficientemente las entradas controladas por el usuario, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS). Un atacante con pocos privilegios puede causar un impacto limitado en la confidencialidad de los datos de la aplicaci\u00f3n despu\u00e9s de una explotaci\u00f3n exitosa."}], "id": "CVE-2024-21738", "lastModified": "2024-11-21T08:54:54.690", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 1.4, "source": "cna@sap.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-09T02:15:46.020", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3387737"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3387737"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cna@sap.com", "type": "Secondary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:79:*:*:*:sap_basis:*:*:* (string)

matchCriteriaId : 7E795D39-9D29-4CFC-BDB7-5E990A386647 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:sap_basis:*:*:* (string)

matchCriteriaId : 6F048ED9-2DDF-4EB9-8571-73832AFABF6A (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:sap_basis:*:*:* (string)

matchCriteriaId : C37DC475-6B9A-493C-9A6F-28CDD65D2A5B (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:sap_basis:*:*:* (string)

matchCriteriaId : 2BD9FE51-F76C-439A-A3C0-5279EC1059F7 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:sap_basis:*:*:* (string)

matchCriteriaId : 4EB54432-0E1A-45F2-BEE1-8DC28FAADA9F (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:sap_basis:*:*:* (string)

matchCriteriaId : 8E96C58C-ED44-487B-A67E-FDAE3C29023A (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:sap_basis:*:*:* (string)

matchCriteriaId : A14DF5EB-B8CE-4A47-9959-2F65A5DCEF5F (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:sap_basis:*:*:* (string)

matchCriteriaId : 3E0CA53D-4335-4872-B527-30802E31B893 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:sap_basis:*:*:* (string)

matchCriteriaId : 419BA423-0803-4F51-8889-014A521F02CE (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:sap_basis:*:*:* (string)

matchCriteriaId : DA20ECDC-8807-462C-A0F0-70DF6F5A119B (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:sap_basis:*:*:* (string)

matchCriteriaId : 800AAC21-325C-4F16-AE5A-9F89327E5356 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:sap_basis:*:*:* (string)

matchCriteriaId : BDC15DB7-A95B-475F-AAA6-60A801F65690 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:sap_basis:*:*:* (string)

matchCriteriaId : 55A2FECF-A32E-4188-9563-E8BA0E952261 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:sap_basis:*:*:* (string)

matchCriteriaId : 9CBF2E53-17F0-4BF0-9C38-749C7E611BF4 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:758:*:*:*:sap_basis:*:*:* (string)

matchCriteriaId : 5160572B-E3AB-4B96-8950-07DDAFA0E4A6 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:793:*:*:*:sap_basis:*:*:* (string)

matchCriteriaId : AB104F44-D209-41D3-AE25-A5A4A8CE3323 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation. (string)

}

1 : { »

lang : es (string)

value : SAP NetWeaver ABAP Application Server y ABAP Platform no codifican suficientemente las entradas controladas por el usuario, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS). Un atacante con pocos privilegios puede causar un impacto limitado en la confidencialidad de los datos de la aplicación después de una explotación exitosa. (string)

}

]

id : CVE-2024-21738 (string)

lastModified : 2024-11-21T08:54:54.690 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4.1 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.3 (number)

impactScore : 1.4 (number)

source : cna@sap.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.4 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.3 (number)

impactScore : 2.7 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2024-01-09T02:15:46.020 (string)

references : [ »

0 : { »

source : cna@sap.com (string)

tags : [ »

0 : Permissions Required (string)

]

url : https://me.sap.com/notes/3387737 (string)

}

1 : { »

source : cna@sap.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Permissions Required (string)

]

url : https://me.sap.com/notes/3387737 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (string)

}

]

sourceIdentifier : cna@sap.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : cna@sap.com (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object