CVE-2024-34691

Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the system.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3466175	Permissions Required
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:s\/4_hana:103:::::::*
	cpe:2.3:a:sap:s\/4_hana:104:::::::*
	cpe:2.3:a:sap:s\/4_hana:105:::::::*
	cpe:2.3:a:sap:s\/4_hana:106:::::::*
	cpe:2.3:a:sap:s\/4_hana:107:::::::*
	cpe:2.3:a:sap:s\/4_hana:108:::::::*
	cpe:2.3:a:sap:s\/4_hana:s4core_102:::::::*

History

16 Aug 2024, 18:08

Type	Values Removed	Values Added
References	~~() https://me.sap.com/notes/3466175 -~~	() https://me.sap.com/notes/3466175 - Permissions Required
References	~~() https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html -~~	() https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html - Patch, Vendor Advisory
CPE		cpe:2.3:a:sap:s\/4_hana:105:::::::* cpe:2.3:a:sap:s\/4_hana:107:::::::* cpe:2.3:a:sap:s\/4_hana:108:::::::* cpe:2.3:a:sap:s\/4_hana:104:::::::* cpe:2.3:a:sap:s\/4_hana:s4core_102:::::::* cpe:2.3:a:sap:s\/4_hana:106:::::::* cpe:2.3:a:sap:s\/4_hana:103:::::::*
First Time		Sap s\/4 Hana Sap

11 Jun 2024, 13:54

Type	Values Removed	Values Added
Summary		(es) Administrar archivos de pagos entrantes (F1680) de SAP S/4HANA no realiza las verificaciones de autorización necesarias para un usuario autenticado, lo que resulta en una escalada de privilegios. Como resultado, tiene un alto impacto en la integridad y ningún impacto en la confidencialidad y disponibilidad del sistema.

11 Jun 2024, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-11 03:15

Updated : 2024-08-16 18:08

NVD link : CVE-2024-34691

Mitre link : CVE-2024-34691

CVE.ORG link : CVE-2024-34691

JSON object : View

Products Affected

sap

s\/4_hana

CWE

CWE-862

Missing Authorization

6.5 /10