CVE-2024-24741

Summary

SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact to integrity and availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Master Data Governance Material618affected
SAP_SESAP Master Data Governance Material619affected
SAP_SESAP Master Data Governance Material620affected
SAP_SESAP Master Data Governance Material621affected
SAP_SESAP Master Data Governance Material622affected
SAP_SESAP Master Data Governance Material800affected
SAP_SESAP Master Data Governance Material801affected
SAP_SESAP Master Data Governance Material802affected
SAP_SESAP Master Data Governance Material803affected
SAP_SESAP Master Data Governance Material804affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References