CVE-2024-42371
Description
The RFC-enabled function module allows a low-privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about the targeted user's workplaces and nodes. There is low impact on integrity and availability of the application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An RFC function module in SAP allows low privileged users to delete any user's workplace favourites, exposing usernames and workplace information.
Vulnerability Description
The vulnerability resides in an RFC-enabled function module in SAP systems. A low privileged user can exploit this module to delete the workplace favourites of any other user, bypassing intended access controls. The root cause is insufficient authorization checks within the function module, allowing actions beyond the attacker's privileges [1].
Exploitation
To exploit this vulnerability, an attacker needs only low-level access to the SAP system, such as a standard user account. No special network position or authentication bypass is required. By invoking the vulnerable RFC function module, the attacker can systematically delete favourites of targeted users, potentially causing disruption and revealing valid usernames through error messages or system responses [1].
Impact
Successful exploitation allows the attacker to identify usernames and gather information about the targeted user's workplaces and nodes. This information leakage can aid in further attacks. The integrity and availability of the application are impacted to a low degree, as users may lose access to their configured favourites [1].
Mitigation
SAP has addressed this vulnerability in its Security Patch Day updates. Administrators are strongly advised to apply the relevant security notes and patches to mitigate the risk. No workarounds are documented, making patching the primary remediation [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
No patches discovered yet.
References (2)
News mentions (0)
No linked articles in our index yet.