CVE-2023-24524 — Missing Authorization in SAP S 4 Hana

CWE-862 — Missing Authorization3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 45.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP S 4 Hana SAP S 4hana

Timeline

PublishedFeb 14

Description

SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to delete the data with a high impact to availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDsap/s_4hana104, 105+1

▶CVEListV5sap/s_4_hana104, 105+1

🔴Vulnerability Details

GHSA

GHSA-h6rv-p7g5-c45x: SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation↗2023-02-14

▶

CVEList

CVE-2023-24524: SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation↗2023-02-14

▶