CVE-2024-47576 Information

Description

SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious one that could execute commands as being part of SAP Product Lifecycle Costing Client Application. On a successful attack it can cause a low impact to confidentiality but no impact to the integrity and availability of the application.

Reference

https://me.sap.com/notes/3504847 https://url.sap/sapsecuritypatchday https://url.sap/sapsecuritypatchday