Lucene search

SapCVE-2024-37172

HistoryJul 09, 2024 - 5:15 a.m.

CVE-2024-37172

2024-07-0905:15:11

CWE-862

sap

web.nvd.nist.gov

sap s/4hana

finance

advanced payment management

authorization check

privilege escalation

low impact

confidentiality

availability

integrity

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

EPSS

Percentile

14.1%

JSON

SAP S/4HANA Finance (Advanced Payment
Management) does not perform necessary authorization check for an authenticated
user, resulting in escalation of privileges. As a result, it has a low impact
to confidentiality and availability but there is no impact on the integrity.

Affected configurations

Nvd

Node

saps4coreMatch107

saps4coreMatch108

AND

saps\/4hanaMatch-

VendorProductVersionCPE
saps4core107cpe:2.3:a:sap:s4core:107:*:*:*:*:*:*:*
saps4core108cpe:2.3:a:sap:s4core:108:*:*:*:*:*:*:*
saps\/4hana-cpe:2.3:a:sap:s\/4hana:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	s4core	107	cpe:2.3:a:sap:s4core:107:::::::*
sap	s4core	108	cpe:2.3:a:sap:s4core:108:::::::*
sap	s\/4hana	-	cpe:2.3:a:sap:s\/4hana:-:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP S/4HANA Finance (Advanced Payment Management)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "S4CORE 107"
      },
      {
        "status": "affected",
        "version": "S4CORE 108"
      }
    ]
  }
]

References

me.sap.com/notes/3457354

url.sap/sapsecuritypatchday

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

EPSS

Percentile

14.1%

JSON

Related for CVE-2024-37172