CVE-2024-45282

Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted.
References
Link Resource
https://me.sap.com/notes/3251893 Permissions Required
https://url.sap/sapsecuritypatchday Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:s\/4_hana:102:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:103:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:104:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:105:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:106:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:107:*:*:*:*:*:*:*

History

14 Nov 2024, 17:56

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 4.3
v2 : unknown
v3 : 5.3
References () https://me.sap.com/notes/3251893 - () https://me.sap.com/notes/3251893 - Permissions Required
References () https://url.sap/sapsecuritypatchday - () https://url.sap/sapsecuritypatchday - Vendor Advisory
CPE cpe:2.3:a:sap:s\/4_hana:105:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:102:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:104:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:103:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:106:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:107:*:*:*:*:*:*:*
First Time Sap
Sap s\/4 Hana

10 Oct 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Los campos que están en estado de "solo lectura" en Bank Statement Draft in Manage Bank Statements application. La propiedad de una entidad OData que representa un método supuestamente inmutable no está protegida contra modificaciones externas que provoquen violaciones de integridad. La confidencialidad y la disponibilidad no se ven afectadas.

08 Oct 2024, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-08 04:15

Updated : 2024-11-14 17:56


NVD link : CVE-2024-45282

Mitre link : CVE-2024-45282

CVE.ORG link : CVE-2024-45282


JSON object : View

Products Affected

sap

  • s\/4_hana
CWE
CWE-650

Trusting HTTP Permission Methods on the Server Side