CVE-2024-37172

CWE-862 — Missing Authorization3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 56.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP S/4hana Finance (advanced Payment Management)SAP S4core

Timeline

PublishedJul 9

Description

SAP S/4HANA Finance (Advanced Payment Management) does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. As a result, it has a low impact to confidentiality and availability but there is no impact on the integrity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5sap_se/sap_s/4hana_finance_(advanced_payment_management)S4CORE 107, S4CORE 108+1

▶NVDsap/s4core107, 108+1

🔴Vulnerability Details

GHSA

GHSA-4r5j-cg4f-m685: SAP S/4HANA Finance (Advanced Payment Management) does not perform necessary authorization check for an authenticated user, resulting in escalation of↗2024-07-09

▶

CVEList

[CVE-2024-37172] Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management)↗2024-07-09

▶