CVE-2024-32730

CWE-862Missing Authorization3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 69.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Enable NOW
Timeline
PublishedMay 14

Description

SAP Enable Now Manager does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker with the role 'Learner' could gain access to other user's data in manager which will lead to a high impact to the confidentiality of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

CVEListV5sap_se/sap_enable_now1704

🔴Vulnerability Details

2
GHSA
GHSA-4qcf-w92c-26h6: SAP Enable Now Manager does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges2024-05-14
CVEList
Missing authorization check in SAP Enable Now Manager2024-04-26
CVE-2024-32730 (MEDIUM CVSS 6.5) | SAP Enable Now Manager does not per | cvebase.io