CVE-2024-27900

Severity: 5.3 MEDIUM
EPSS: 0.2% (top 63.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 12

Description

Due to a missing authorization check, an attacker with a business user account in SAP ABAP Platform (versions 758 and 795) can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

NVD: sap/abap_platform (758, 795 +1)
CVEListV5: sap_se/sap_abap_platform (758, 795 +1)

Vulnerability Details (2)

CVEList (2024-03-12): Missing Authorization check in SAP ABAP Platform
GHSA (2024-03-12): GHSA-r7v7-m4x6-4rxm: Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job
CVE-2024-27900 (MEDIUM CVSS 5.3) | Due to missing authorization check | cvebase.io