CVE-2023-24524

Summary

SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to delete the data with a high impact to availability.

Affected Software

VendorProductVersion RangeStatus
SAPS/4 HANA (Map Treasury Correspondence Format Data)104affected
SAPS/4 HANA (Map Treasury Correspondence Format Data)105affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References