Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveSapCVE-2024-39591
HistoryAug 13, 2024 - 5:15 a.m.

CVE-2024-39591

2024-08-1305:15:13
CWE-862
sap
web.nvd.nist.gov
24
sap
document builder
authorization checks
privilege escalation
confidentiality

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application.

Affected configurations

Nvd
Node
sapdocument_builderMatchs4fnd_102
OR
sapdocument_builderMatchs4fnd_103
OR
sapdocument_builderMatchs4fnd_104
OR
sapdocument_builderMatchs4fnd_105
OR
sapdocument_builderMatchs4fnd_106
OR
sapdocument_builderMatchs4fnd_107
OR
sapdocument_builderMatchs4fnd_108
OR
sapdocument_builderMatchsap_bs_fnd_702
OR
sapdocument_builderMatchsap_bs_fnd_731
OR
sapdocument_builderMatchsap_bs_fnd_746
OR
sapdocument_builderMatchsap_bs_fnd_747
OR
sapdocument_builderMatchsap_bs_fnd_748
VendorProductVersionCPE
sapdocument_builders4fnd_102cpe:2.3:a:sap:document_builder:s4fnd_102:*:*:*:*:*:*:*
sapdocument_builders4fnd_103cpe:2.3:a:sap:document_builder:s4fnd_103:*:*:*:*:*:*:*
sapdocument_builders4fnd_104cpe:2.3:a:sap:document_builder:s4fnd_104:*:*:*:*:*:*:*
sapdocument_builders4fnd_105cpe:2.3:a:sap:document_builder:s4fnd_105:*:*:*:*:*:*:*
sapdocument_builders4fnd_106cpe:2.3:a:sap:document_builder:s4fnd_106:*:*:*:*:*:*:*
sapdocument_builders4fnd_107cpe:2.3:a:sap:document_builder:s4fnd_107:*:*:*:*:*:*:*
sapdocument_builders4fnd_108cpe:2.3:a:sap:document_builder:s4fnd_108:*:*:*:*:*:*:*
sapdocument_buildersap_bs_fnd_702cpe:2.3:a:sap:document_builder:sap_bs_fnd_702:*:*:*:*:*:*:*
sapdocument_buildersap_bs_fnd_731cpe:2.3:a:sap:document_builder:sap_bs_fnd_731:*:*:*:*:*:*:*
sapdocument_buildersap_bs_fnd_746cpe:2.3:a:sap:document_builder:sap_bs_fnd_746:*:*:*:*:*:*:*
Rows per page:
1-10 of 121

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Document Builder",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "S4FND 102"
      },
      {
        "status": "affected",
        "version": "S4FND 103"
      },
      {
        "status": "affected",
        "version": "S4FND 104"
      },
      {
        "status": "affected",
        "version": "S4FND 105"
      },
      {
        "status": "affected",
        "version": "S4FND 106"
      },
      {
        "status": "affected",
        "version": "S4FND 107"
      },
      {
        "status": "affected",
        "version": "S4FND 108"
      },
      {
        "status": "affected",
        "version": "SAP_BS_FND 702"
      },
      {
        "status": "affected",
        "version": "SAP_BS_FND 731"
      },
      {
        "status": "affected",
        "version": "SAP_BS_FND 746"
      },
      {
        "status": "affected",
        "version": "SAP_BS_FND 747"
      },
      {
        "status": "affected",
        "version": "SAP_BS_FND 748"
      }
    ]
  }
]

Related

cvelist 1
vulnrichment 1
nvd 1
cvelist
cvelist
CVE-2024-39591 Missing Authorization check in SAP Document Builder
2024-08-13 05:00:42
vulnrichment
vulnrichment
CVE-2024-39591 Missing Authorization check in SAP Document Builder
2024-08-13 05:00:42
nvd
nvd
CVE-2024-39591
2024-08-13 05:15:13

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON
Related for CVE-2024-39591
cvelist1vulnrichment1nvd1