Main Vulnerability Database Vulnerabilities #VU98138

#VU98138 Prototype pollution in HANA Client - CVE-2024-45277

Published: October 8, 2024

Vulnerability identifier: #VU98138

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-45277

CWE-ID: CWE-1321

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
HANA Client

Software vendor:
SAP

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when using the nestTables feature. A remote user can send specially crafted input to the application and perform prototype pollution attack, which can result in denial of service.

Remediation

Install update from vendor's website.

External links

https://me.sap.com/notes/3520100
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2024.html

#VU98138 Prototype pollution in HANA Client - CVE-2024-45277

Description

Remediation

External links

Please verify you're human