Lucene search
HistoryJun 11, 2024 - 3:15 a.m.
CVE-2024-34691
cve-2024-34691
sap
s/4hana
payment file
authorization
vulnerability
privilege escalation
integrity impact
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
16.8%
Manage Incoming Payment Files (F1680) of SAP
S/4HANA does not perform necessary authorization checks for an authenticated
user, resulting in escalation of privileges. As a result, it has high impact on
integrity and no impact on the confidentiality and availability of the system.
Affected configurations
Node
saps\/4_hanaMatch103
ORsaps\/4_hanaMatch104
ORsaps\/4_hanaMatch105
ORsaps\/4_hanaMatch106
ORsaps\/4_hanaMatch107
ORsaps\/4_hanaMatch108
ORsaps\/4_hanaMatchs4core_102
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sap | s\/4_hana | 103 | cpe:2.3:a:sap:s\/4_hana:103:*:*:*:*:*:*:* |
| sap | s\/4_hana | 104 | cpe:2.3:a:sap:s\/4_hana:104:*:*:*:*:*:*:* |
| sap | s\/4_hana | 105 | cpe:2.3:a:sap:s\/4_hana:105:*:*:*:*:*:*:* |
| sap | s\/4_hana | 106 | cpe:2.3:a:sap:s\/4_hana:106:*:*:*:*:*:*:* |
| sap | s\/4_hana | 107 | cpe:2.3:a:sap:s\/4_hana:107:*:*:*:*:*:*:* |
| sap | s\/4_hana | 108 | cpe:2.3:a:sap:s\/4_hana:108:*:*:*:*:*:*:* |
| sap | s\/4_hana | s4core_102 | cpe:2.3:a:sap:s\/4_hana:s4core_102:*:*:*:*:*:*:* |
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
16.8%
Related for NVD:CVE-2024-34691