CVE-2024-44121Exposure of Sensitive Information Due to Incompatible Policies in SE SAP S 4 Hana

CWE-213Exposure of Sensitive Information Due to Incompatible Policies3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 65.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP S 4 Hana
Timeline
PublishedSep 10

Description

Under certain conditions Statutory Reports in SAP S/4 HANA allows an attacker with basic privileges to access information which would otherwise be restricted. The vulnerability could expose internal user data that should remain confidential. It does not impact the integrity and availability of the application

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

CVEListV5sap_se/sap_s_4_hana900

🔴Vulnerability Details

2
CVEList
Information Disclosure in SAP S/4 HANA (Statutory Reports)2024-09-10
GHSA
GHSA-j73c-62cp-6vqj: Under certain conditions Statutory Reports in SAP S/4 HANA allows an attacker with basic privileges to access information which would otherwise be res2024-09-10
CVE-2024-44121 — SAP SE SAP S 4 Hana vulnerability | cvebase