CVE-2024-47576

SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious one, that could execute commands as being part of SAP Product Lifecycle Costing Client Application. On a successful attack, it can cause a low impact to confidentiality but no impact to the integrity and availability of the application.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3504847
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) La aplicación SAP Product Lifecycle Costing Client (versiones anteriores a la 4.7.1) carga a pedido una DLL que está disponible con el sistema operativo Windows. Esta DLL se carga desde el equipo que ejecuta la aplicación SAP Product Lifecycle Costing Client. Esa DLL en particular podría reemplazarse por una maliciosa, que podría ejecutar comandos como si fueran parte de la aplicación SAP Product Lifecycle Costing Client. En caso de un ataque exitoso, puede causar un impacto bajo en la confidencialidad, pero ningún impacto en la integridad y disponibilidad de la aplicación.

10 Dec 2024, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-10 01:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-47576

Mitre link : CVE-2024-47576

CVE.ORG link : CVE-2024-47576

JSON object : View

Products Affected

No product.

CWE

CWE-427

Uncontrolled Search Path Element

3.3 /10