CVE-2024-30216Missing Authorization in SE SAP S 4 Hana

CWE-862Missing Authorization3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 74.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP S 4 Hana
Timeline
PublishedApr 9

Description

Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, attacker can add notes in the review request with 'completed' status affecting the integrity of the application. Confidentiality and Availability are not impacted.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

CVEListV5sap_se/sap_s_4_hana6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-vjh4-v73g-fc8r: Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges2024-04-09
CVEList
Missing Authorization check in SAP S/4 HANA (Cash Management)2024-04-09
CVE-2024-30216 — Missing Authorization | cvebase