{"vulnerability": "CVE-2024-3717", "sightings": [{"uuid": "144409fd-7c63-4aea-9f5e-6aac58103b44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37173", "type": "seen", "source": "https://t.me/cvedetector/235", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37173 - Due to insufficient input validation, SAP CRM We\", \n  \"Content\": \"CVE ID : CVE-2024-37173 \nPublished : July 9, 2024, 4:15 a.m. | 26\u00a0minutes ago \nDescription : Due to insufficient input validation, SAP  \n  CRM WebClient UI allows an unauthenticated attacker to craft a URL link which  \n  embeds a malicious script. When a victim clicks on this link, the script will  \n  be executed in the victim's browser giving the attacker the ability to access  \n  and/or modify information with no effect on availability of the application. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-09T06:48:12.000000Z"}, {"uuid": "e1276ee4-2bed-4dd3-896d-f1469047e981", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37179", "type": "seen", "source": "https://t.me/cvedetector/7312", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37179 - SAP BusinessObjects Business Intelligence Platform File Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-37179 \nPublished : Oct. 8, 2024, 4:15 a.m. | 37\u00a0minutes ago \nDescription : SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application. \nSeverity: 7.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-08T07:01:11.000000Z"}, {"uuid": "aac5566c-f285-4dbe-8e41-cbee874273dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37175", "type": "seen", "source": "https://t.me/cvedetector/247", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37175 - SAP CRM WebClient does not perform necessary autho\", \n  \"Content\": \"CVE ID : CVE-2024-37175 \nPublished : July 9, 2024, 5:15 a.m. | 19\u00a0minutes ago \nDescription : SAP CRM WebClient does not  \nperform necessary authorization check for an authenticated user, resulting in  \nescalation of privileges. This could allow an attacker to access some sensitive  \ninformation. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-09T07:38:34.000000Z"}, {"uuid": "82bb3c04-1beb-4cc6-bf9a-a8a5c302b1b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37172", "type": "seen", "source": "https://t.me/cvedetector/250", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37172 - SAP S/4HANA Finance (Advanced Payment Management)\", \n  \"Content\": \"CVE ID : CVE-2024-37172 \nPublished : July 9, 2024, 5:15 a.m. | 19\u00a0minutes ago \nDescription : SAP S/4HANA Finance (Advanced Payment  \nManagement) does not perform necessary authorization check for an authenticated  \nuser, resulting in escalation of privileges. As a result, it has a low impact  \nto confidentiality and availability but there is no impact on the integrity. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-09T07:38:36.000000Z"}, {"uuid": "93da2020-e50c-46e8-bcfd-4e81ab7d13d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37171", "type": "seen", "source": "https://t.me/cvedetector/249", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37171 - SAP Transportation Management (Collaboration Porta\", \n  \"Content\": \"CVE ID : CVE-2024-37171 \nPublished : July 9, 2024, 5:15 a.m. | 19\u00a0minutes ago \nDescription : SAP Transportation Management (Collaboration  \nPortal) allows an attacker with non-administrative privileges to send a crafted  \nrequest from a vulnerable web application. This will trigger the application  \nhandler to send a request to an unintended service, which may reveal  \ninformation about that service. The information obtained could be used to  \ntarget internal systems behind firewalls that are normally inaccessible to an  \nattacker from the external network, resulting in a Server-Side Request Forgery  \nvulnerability. There is no effect on integrity or availability of the  \napplication. \nSeverity: 5.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-09T07:38:36.000000Z"}, {"uuid": "762679d4-eb8f-4196-be5c-2bfe21938e0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37174", "type": "seen", "source": "https://t.me/cvedetector/233", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37174 - Custom CSS support option in SAP CRM WebClient UI\", \n  \"Content\": \"CVE ID : CVE-2024-37174 \nPublished : July 9, 2024, 4:15 a.m. | 26\u00a0minutes ago \nDescription : Custom CSS support option in SAP CRM WebClient  \nUI does not sufficiently encode user-controlled inputs resulting in Cross-Site  \nScripting vulnerability. On successful exploitation an attacker can cause  \nlimited impact on confidentiality and integrity of the application. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-09T06:48:10.000000Z"}]}