CVE-2024-25643

CWE-862Missing Authorization3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.2%
top 63.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Fiori APP (MY Overtime Requests)SAP Fiori
Timeline
PublishedFeb 13

Description

The SAP Fiori app (My Overtime Request) - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. It is possible to manipulate the URLs of data requests to access information that the user should not have access to. There is no impact on integrity and availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDsap/fiori605

🔴Vulnerability Details

2
CVEList
Missing authorization check in SAP Fiori app (My Overtime Requests)2024-02-13
GHSA
GHSA-c27w-rp5h-g734: The SAP Fiori app (My Overtime Request) - version 605, does not perform the necessary authorization checks for an authenticated user which may result2024-02-13
CVE-2024-25643 (MEDIUM CVSS 4.3) | The SAP Fiori app (My Overtime Requ | cvebase.io