CVE-2024-32731

Missing Authorization check in SAP My Travel Requests

CVSS 5.5 MEDIUMEPSS 0.4%CWE-862

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.5EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

14 may 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

SAP My Travel Requests does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker can upload a malicious attachment to a business trip request which will lead to a low impact on the confidentiality, integrity and availability of the application.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Productos afectados

SAP_SE · SAP My Travel Requests

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://me.sap.com/notes/3447467 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364