{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47576", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2024-09-27T20:05:49.543Z", "datePublished": "2024-12-10T00:11:43.031Z", "dateUpdated": "2024-12-10T17:14:29.533Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP Product Lifecycle Costing", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "PLC_CLIENT 4"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious one, that could execute commands as being part of SAP Product Lifecycle Costing Client Application. On a successful attack, it can cause a low impact to confidentiality but no impact to the integrity and availability of the application.</p>"}], "value": "SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious one, that could execute commands as being part of SAP Product Lifecycle Costing Client Application. On a successful attack, it can cause a low impact to confidentiality but no impact to the integrity and availability of the application."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427: Uncontrolled Search Path Element", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-12-10T00:11:43.031Z"}, "references": [{"url": "https://me.sap.com/notes/3504847"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "DLL Hijacking vulnerability in SAP Product Lifecycle Costing", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-10T15:46:25.985984Z", "id": "CVE-2024-47576", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-10T17:14:29.533Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47576", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-10T15:46:25.985984Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-10T15:48:43.743Z"}}], "cna": {"title": "DLL Hijacking vulnerability in SAP Product Lifecycle Costing", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP Product Lifecycle Costing", "versions": [{"status": "affected", "version": "PLC_CLIENT 4"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3504847"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious one, that could execute commands as being part of SAP Product Lifecycle Costing Client Application. On a successful attack, it can cause a low impact to confidentiality but no impact to the integrity and availability of the application.", "supportingMedia": [{"type": "text/html", "value": "<p>SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious one, that could execute commands as being part of SAP Product Lifecycle Costing Client Application. On a successful attack, it can cause a low impact to confidentiality but no impact to the integrity and availability of the application.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427: Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-12-10T00:11:43.031Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47576", "state": "PUBLISHED", "dateUpdated": "2024-12-10T17:14:29.533Z", "dateReserved": "2024-09-27T20:05:49.543Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2024-12-10T00:11:43.031Z", "assignerShortName": "sap"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious one, that could execute commands as being part of SAP Product Lifecycle Costing Client Application. On a successful attack, it can cause a low impact to confidentiality but no impact to the integrity and availability of the application."}, {"lang": "es", "value": "La aplicaci\u00f3n SAP Product Lifecycle Costing Client (versiones anteriores a la 4.7.1) carga a pedido una DLL que est\u00e1 disponible con el sistema operativo Windows. Esta DLL se carga desde el equipo que ejecuta la aplicaci\u00f3n SAP Product Lifecycle Costing Client. Esa DLL en particular podr\u00eda reemplazarse por una maliciosa, que podr\u00eda ejecutar comandos como si fueran parte de la aplicaci\u00f3n SAP Product Lifecycle Costing Client. En caso de un ataque exitoso, puede causar un impacto bajo en la confidencialidad, pero ning\u00fan impacto en la integridad y disponibilidad de la aplicaci\u00f3n."}], "id": "CVE-2024-47576", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@sap.com", "type": "Secondary"}]}, "published": "2024-12-10T01:15:05.340", "references": [{"source": "cna@sap.com", "url": "https://me.sap.com/notes/3504847"}, {"source": "cna@sap.com", "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "cna@sap.com", "type": "Secondary"}]}

{}

{}