CVE-2024-41736

Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application.
References
Link Resource
https://me.sap.com/notes/3475427 Permissions Required
https://url.sap/sapsecuritypatchday Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:permit_to_work:uis4hop1_800:*:*:*:*:*:*:*
cpe:2.3:a:sap:permit_to_work:uis4hop1_900:*:*:*:*:*:*:*

History

12 Sep 2024, 13:51

Type Values Removed Values Added
CWE NVD-CWE-noinfo
First Time Sap permit To Work
Sap
Summary
  • (es) Bajo ciertas condiciones, SAP Permit to Work permite que un atacante autenticado acceda a información que de otro modo estaría restringida, lo que causa un bajo impacto en la confidencialidad de la aplicación.
CPE cpe:2.3:a:sap:permit_to_work:uis4hop1_800:*:*:*:*:*:*:*
cpe:2.3:a:sap:permit_to_work:uis4hop1_900:*:*:*:*:*:*:*
References () https://me.sap.com/notes/3475427 - () https://me.sap.com/notes/3475427 - Permissions Required
References () https://url.sap/sapsecuritypatchday - () https://url.sap/sapsecuritypatchday - Vendor Advisory

13 Aug 2024, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-13 04:15

Updated : 2024-09-12 13:51


NVD link : CVE-2024-41736

Mitre link : CVE-2024-41736

CVE.ORG link : CVE-2024-41736


JSON object : View

Products Affected

sap

  • permit_to_work
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor