CVE-2024-30217

Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the application. Confidentiality and Availability are not impacted.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3430173
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364

Configurations

No configuration.

History

09 Apr 2024, 12:48

Type	Values Removed	Values Added
Summary		(es) Cash Management en SAP S/4 HANA no realiza las verificaciones de autorización necesarias para un usuario autenticado, lo que resulta en una escalada de privilegios. Al explotar esta vulnerabilidad, un atacante puede aprobar o rechazar una solicitud de cuenta bancaria afectando la integridad de la aplicación. La confidencialidad y la disponibilidad no se ven afectadas.

09 Apr 2024, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-09 01:15

Updated : 2024-04-09 12:48

NVD link : CVE-2024-30217

Mitre link : CVE-2024-30217

CVE.ORG link : CVE-2024-30217

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

4.3 /10