CVE-2024-39596
[CVE-2024-39596] Missing Authorization check vulnerability in SAP Enable Now
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
09 Jul 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Due to missing authorization checks, SAP Enable
Now allows an author to escalate privileges to access information which should
otherwise be restricted. On successful exploitation, the attacker can cause
limited impact on confidentiality of the application.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
SAP_SE · SAP Enable NowWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →