CVE-2024-37172

SAP S/4HANA Finance (Advanced Payment Management) does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. As a result, it has a low impact to confidentiality and availability but there is no impact on the integrity.
References
Link Resource
https://me.sap.com/notes/3457354 Permissions Required
https://url.sap/sapsecuritypatchday Vendor Advisory
https://me.sap.com/notes/3457354 Permissions Required
https://url.sap/sapsecuritypatchday Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:sap:s4core:107:*:*:*:*:*:*:*
cpe:2.3:a:sap:s4core:108:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:-:*:*:*:*:*:*:*

History

21 Nov 2024, 09:23

Type Values Removed Values Added
References () https://me.sap.com/notes/3457354 - Permissions Required () https://me.sap.com/notes/3457354 - Permissions Required
References () https://url.sap/sapsecuritypatchday - Vendor Advisory () https://url.sap/sapsecuritypatchday - Vendor Advisory

09 Sep 2024, 15:41

Type Values Removed Values Added
References () https://me.sap.com/notes/3457354 - () https://me.sap.com/notes/3457354 - Permissions Required
References () https://url.sap/sapsecuritypatchday - () https://url.sap/sapsecuritypatchday - Vendor Advisory
CPE cpe:2.3:a:sap:s4core:107:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:-:*:*:*:*:*:*:*
cpe:2.3:a:sap:s4core:108:*:*:*:*:*:*:*
First Time Sap s4core
Sap
Sap s\/4hana

09 Jul 2024, 18:19

Type Values Removed Values Added
Summary
  • (es) SAP S/4HANA Finance (Advanced Payment Management) no realiza la verificación de autorización necesaria para un usuario autenticado, lo que resulta en una escalada de privilegios. Como resultado, tiene un bajo impacto en la confidencialidad y la disponibilidad, pero no tiene ningún impacto en la integridad.

09 Jul 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-09 05:15

Updated : 2024-11-21 09:23


NVD link : CVE-2024-37172

Mitre link : CVE-2024-37172

CVE.ORG link : CVE-2024-37172


JSON object : View

Products Affected

sap

  • s\/4hana
  • s4core
CWE
CWE-862

Missing Authorization