Lucene search

[email protected]CVE-2024-25643

HistoryFeb 13, 2024 - 4:15 a.m.

CVE-2024-25643

2024-02-1304:15:08

CWE-862

[email protected]

web.nvd.nist.gov

sap

fiori

app

my overtime request

version 605

authorization checks

privilege escalation

url manipulation

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.8%

JSON

The SAP Fiori app (My Overtime Request) - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. It is possible to manipulate the URLs of data requests to access information that the user should not have access to. There is no impact on integrity and availability.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Fiori app (My Overtime Requests)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "605"
      }
    ]
  }
]

References

me.sap.com/notes/3237638

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.8%

JSON

Related for CVE-2024-25643

prion1 cvelist1 nvd1