CVE-2024-30216

Missing Authorization check in SAP S/4 HANA (Cash Management)

CVSS 4.3 MEDIUMEPSS 0.3%CWE-862

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 4.3EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

09 abr 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, attacker can add notes in the review request with 'completed' status affecting the integrity of the application. Confidentiality and Availability are not impacted.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Productos afectados

SAP_SE · SAP S/4 HANA (Cash Management)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://me.sap.com/notes/3427178 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364