PT-2024-9337 · SAP · SAP Product Lifecycle Costing Client
Published: 2024-12-10 · Updated: 2024-12-10 · CVE-2024-47576
CVSS v3.1: 3.3 (Low)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
SAP Product Lifecycle Costing Client versions below 4.7.1
Description:
This is a DLL hijacking vulnerability: the SAP Product Lifecycle Costing Client application loads a DLL from the Windows OS on demand. That DLL can be replaced by a malicious one, which is then executed with the privileges of the SAP Product Lifecycle Costing Client application. A successful attack has a low impact on confidentiality and no impact on the integrity or availability of the application.
Recommendations:
For SAP Product Lifecycle Costing Client versions below 4.7.1, update to version 4.7.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the DLL loading mechanism to minimize the risk of exploitation.
Fix
Weakness Enumeration: Uncontrolled Search Path Element
Related Identifiers: CVE-2024-47576
Affected Products: SAP Product Lifecycle Costing Client