CVE-2024-39592

CWE-862Missing Authorization3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.4%
top 41.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
SAP SE SAP PdceSAP S4coreSAP S4coreop
Timeline
PublishedJul 9

Description

Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information causing high impact on the confidentiality of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 3.1 | Impact: 4.0

Affected Packages3 packages

CVEListV5sap_se/sap_pdce7 versions+6
NVDsap/s4core102, 103+1
NVDsap/s4coreop5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-jgmc-5q6m-58ch: Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges2024-07-09
CVEList
[CVE-2024-39592] Missing Authorization check in SAP PDCE2024-07-09
CVE-2024-39592 (MEDIUM CVSS 6.5) | Elements of PDCE does not perform n | cvebase.io