CVE-2024-4139Missing Authorization in SE SAP S 4 Hana

CWE-862Missing Authorization3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 63.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP S 4 Hana
Timeline
PublishedMay 14

Description

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and Availability are not affected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

CVEListV5sap_se/sap_s_4_hana5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-3wpq-gjx8-r7c8: Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privile2024-05-14
CVEList
Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)2024-05-14
CVE-2024-4139 — Missing Authorization | cvebase