Lucene search

SapCVELIST:CVE-2024-39592

HistoryJul 09, 2024 - 3:45 a.m.

CVE-2024-39592 [CVE-2024-39592] Missing Authorization check in SAP PDCE

2024-07-0903:45:56

CWE-862

sap

www.cve.org

missing authorization

sap pdce

privilege escalation

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

18.8%

JSON

Elements of PDCE does not perform necessary
authorization checks for an authenticated user, resulting in escalation of
privileges.

This
allows an attacker to read sensitive information causing high impact on the
confidentiality of the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP PDCE",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "S4CORE 102"
      },
      {
        "status": "affected",
        "version": "S4CORE 103"
      },
      {
        "status": "affected",
        "version": "S4COREOP 104"
      },
      {
        "status": "affected",
        "version": "S4COREOP 105"
      },
      {
        "status": "affected",
        "version": "S4COREOP 106"
      },
      {
        "status": "affected",
        "version": "S4COREOP 107"
      },
      {
        "status": "affected",
        "version": "S4COREOP 108"
      }
    ]
  }
]

References

me.sap.com/notes/3483344

url.sap/sapsecuritypatchday

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

18.8%

JSON

Related for CVELIST:CVE-2024-39592