Lucene search

SapVULNRICHMENT:CVE-2024-37172

HistoryJul 09, 2024 - 4:15 a.m.

CVE-2024-37172 [CVE-2024-37172] Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management)

2024-07-0904:15:22

CWE-862

sap

github.com

sap s/4hana

authorization check

privilege escalation

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

EPSS

Percentile

14.1%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

SAP S/4HANA Finance (Advanced Payment
Management) does not perform necessary authorization check for an authenticated
user, resulting in escalation of privileges. As a result, it has a low impact
to confidentiality and availability but there is no impact on the integrity.

CNA Affected

[
  {
    "vendor": "SAP_SE",
    "product": "SAP S/4HANA Finance (Advanced Payment Management)",
    "versions": [
      {
        "status": "affected",
        "version": "S4CORE 107"
      },
      {
        "status": "affected",
        "version": "S4CORE 108"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

me.sap.com/notes/3457354

url.sap/sapsecuritypatchday

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

EPSS

Percentile

14.1%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-37172