Lucene search

K
cvelistSapCVELIST:CVE-2024-37172
HistoryJul 09, 2024 - 4:15 a.m.

CVE-2024-37172 [CVE-2024-37172] Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management)

2024-07-0904:15:22
CWE-862
sap
www.cve.org
4
sap s/4hana
authorization check
privilege escalation
confidentiality
availability
integrity

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

EPSS

0

Percentile

14.1%

SAP S/4HANA Finance (Advanced Payment
Management) does not perform necessary authorization check for an authenticated
user, resulting in escalation of privileges. As a result, it has a low impact
to confidentiality and availability but there is no impact on the integrity.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP S/4HANA Finance (Advanced Payment Management)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "S4CORE 107"
      },
      {
        "status": "affected",
        "version": "S4CORE 108"
      }
    ]
  }
]

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

EPSS

0

Percentile

14.1%

Related for CVELIST:CVE-2024-37172