CVE-2024-30217Missing Authorization in SE SAP S 4 Hana

CWE-862Missing Authorization3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 78.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP S 4 Hana
Timeline
PublishedApr 9

Description

Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the application. Confidentiality and Availability are not impacted.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

CVEListV5sap_se/sap_s_4_hanaS4CORE 106, S4CORE 107, S4CORE 108+2

🔴Vulnerability Details

2
CVEList
Missing Authorization check in SAP S/4 HANA (Cash Management)2024-04-09
GHSA
GHSA-pv4q-pg8h-7p42: Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges2024-04-09
CVE-2024-30217 — Missing Authorization | cvebase