Lucene search

[email protected]NVD:CVE-2024-37172

HistoryJul 09, 2024 - 5:15 a.m.

CVE-2024-37172

2024-07-0905:15:11

CWE-862

[email protected]

web.nvd.nist.gov

sap s/4hana

finance

authorization check

privilege escalation

confidentiality

availability

integrity

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

EPSS

Percentile

14.1%

JSON

SAP S/4HANA Finance (Advanced Payment
Management) does not perform necessary authorization check for an authenticated
user, resulting in escalation of privileges. As a result, it has a low impact
to confidentiality and availability but there is no impact on the integrity.

Affected configurations

Nvd

Node

saps4coreMatch107

saps4coreMatch108

AND

saps\/4hanaMatch-

VendorProductVersionCPE
saps4core107cpe:2.3:a:sap:s4core:107:*:*:*:*:*:*:*
saps4core108cpe:2.3:a:sap:s4core:108:*:*:*:*:*:*:*
saps\/4hana-cpe:2.3:a:sap:s\/4hana:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	s4core	107	cpe:2.3:a:sap:s4core:107:::::::*
sap	s4core	108	cpe:2.3:a:sap:s4core:108:::::::*
sap	s\/4hana	-	cpe:2.3:a:sap:s\/4hana:-:::::::*

References

me.sap.com/notes/3457354

url.sap/sapsecuritypatchday

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

EPSS

Percentile

14.1%

JSON

Related for NVD:CVE-2024-37172

vulnrichment1 cvelist1 cve1