Lucene search

SapCVE-2024-34691

HistoryJun 11, 2024 - 3:15 a.m.

CVE-2024-34691

2024-06-1103:15:11

CWE-862

sap

web.nvd.nist.gov

cve-2024-34691

sap s/4hana

authorization

escalation of privileges

integrity

confidentiality

availability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

16.8%

JSON

Manage Incoming Payment Files (F1680) of SAP
S/4HANA does not perform necessary authorization checks for an authenticated
user, resulting in escalation of privileges. As a result, it has high impact on
integrity and no impact on the confidentiality and availability of the system.

Affected configurations

Nvd

Node

saps\/4_hanaMatch103

saps\/4_hanaMatch104

saps\/4_hanaMatch105

saps\/4_hanaMatch106

saps\/4_hanaMatch107

saps\/4_hanaMatch108

saps\/4_hanaMatchs4core_102

VendorProductVersionCPE
saps\/4_hana103cpe:2.3:a:sap:s\/4_hana:103:*:*:*:*:*:*:*
saps\/4_hana104cpe:2.3:a:sap:s\/4_hana:104:*:*:*:*:*:*:*
saps\/4_hana105cpe:2.3:a:sap:s\/4_hana:105:*:*:*:*:*:*:*
saps\/4_hana106cpe:2.3:a:sap:s\/4_hana:106:*:*:*:*:*:*:*
saps\/4_hana107cpe:2.3:a:sap:s\/4_hana:107:*:*:*:*:*:*:*
saps\/4_hana108cpe:2.3:a:sap:s\/4_hana:108:*:*:*:*:*:*:*
saps\/4_hanas4core_102cpe:2.3:a:sap:s\/4_hana:s4core_102:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	s\/4_hana	103	cpe:2.3:a:sap:s\/4_hana:103:::::::*
sap	s\/4_hana	104	cpe:2.3:a:sap:s\/4_hana:104:::::::*
sap	s\/4_hana	105	cpe:2.3:a:sap:s\/4_hana:105:::::::*
sap	s\/4_hana	106	cpe:2.3:a:sap:s\/4_hana:106:::::::*
sap	s\/4_hana	107	cpe:2.3:a:sap:s\/4_hana:107:::::::*
sap	s\/4_hana	108	cpe:2.3:a:sap:s\/4_hana:108:::::::*
sap	s\/4_hana	s4core_102	cpe:2.3:a:sap:s\/4_hana:s4core_102:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP S/4HANA (Manage Incoming Payment Files)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "S4CORE 102"
      },
      {
        "status": "affected",
        "version": "103"
      },
      {
        "status": "affected",
        "version": "104"
      },
      {
        "status": "affected",
        "version": "105"
      },
      {
        "status": "affected",
        "version": "106"
      },
      {
        "status": "affected",
        "version": "107"
      },
      {
        "status": "affected",
        "version": "108"
      }
    ]
  }
]

References

me.sap.com/notes/3466175

support.sap.com/en/my-support/knowledge-base/security-notes-news.html

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

16.8%

JSON

Related for CVE-2024-34691