#VU98138 Prototype pollution in HANA Client - CVE-2024-45277

Cybersecurity Help s.r.o.

Published: 2024-10-08

Vulnerability identifier: #VU98138

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45277

CWE-ID: CWE-1321

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
HANA Client
Web applications / Other software

Vendor: SAP

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when using the nestTables feature. A remote user can send specially crafted input to the application and perform prototype pollution attack, which can result in denial of service.

Mitigation
Install update from vendor's website.

Vulnerable software versions

HANA Client: 2.0

External links
https://me.sap.com/notes/3520100
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2024.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Prototype pollution in SAP HANA Client