CVE-2024-45277— Prototype Pollution vulnerability in SAP HANA Client
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-45277
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Prototype Pollution vulnerability in SAP HANA Client
Source: NVD (National Vulnerability Database)
Vulnerability Description
The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1321
Source: NVD (National Vulnerability Database)
Vulnerability Title
SAP HANA 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SAP HANA是德国思爱普(SAP)公司的一套高性能的实时数据分析平台。该平台提供数据查询功能,支持用户对查询实时业务数据进行查询和分析。 SAP HANA Node.js client 2.0.0版本至2.21.31之前版本存在安全漏洞,该漏洞源于使用nestTables功能时对用户输入清理不当。攻击者利用该漏洞向全局对象原型添加任意属性。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SAP_SE | SAP HANA Client | HDB_CLIENT 2.0 | - |
II. Public POCs for CVE-2024-45277
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-45277
请登录查看更多情报信息。
Same Patch Batch · SAP_SE · 2024-10-08 · 5 CVEs total
| CVE-2024-37179 | 7.7 HIGH | Insecure File Operations vulnerability in SAP BusinessObjects Business Intelligence Platfo |
| CVE-2024-47594 | 5.4 MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal (KMC) |
| CVE-2024-45278 | 5.4 MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP Commerce Backoffice |
| CVE-2024-45282 | 4.3 MEDIUM | HTTP Verb Tampering in SAP S/4 HANA(Manage Bank Statements) |
IV. Related Vulnerabilities
Same vendor: SAP_SE
- CVE-2026-34264
Information Disclosure vulnerability in SAP Human Capital Ma - CVE-2026-34262
Information Disclosure Vulnerability in SAP HANA Cockpit and - CVE-2026-34261
Missing Authorization check in SAP Business Analytics and SA - CVE-2026-34257
Open Redirect vulnerability in SAP NetWeaver Application Ser - CVE-2026-34256
Missing Authorization check in SAP ERP and SAP S/4 HANA (Pri
Same weakness: CWE-1321
- CVE-2026-42264
Axios: Prototype pollution read-side gadgets in HTTP adapter - CVE-2026-42232
n8n: XML Node Prototype Pollution to RCE - CVE-2026-42231
n8n: Prototype Pollution in XML Webhook Body Parser Leads to - CVE-2026-42077
Evolver: Prototype Pollution via `Object.assign()` in mailbo - CVE-2026-42033
Axios: Prototype Pollution Gadgets - Response Tampering, Dat
V. Comments for CVE-2024-45277
No comments yet