CVE-2023-24528

CWE-862Missing Authorization3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.3%
top 49.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP Fiori Apps 1.0 FOR Travel Management IN SAP ERP (MY Travel Requests)SAP Fiori
Timeline
PublishedFeb 14

Description

SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data. This endpoint is normally exposed over the network and successful exploitation can lead to exposure of data like travel documents.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDsap/fiori600

🔴Vulnerability Details

2
GHSA
GHSA-9wqf-66mp-543v: SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to exploit a certain misconfigure2023-02-14
CVEList
CVE-2023-24528: SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to exploit a certain misconfigure2023-02-14
CVE-2023-24528 (MEDIUM CVSS 6.5) | SAP Fiori apps for Travel Managemen | cvebase.io