CVE-2024-24741
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact to integrity and availability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP Master Data Governance Material | 618 | affected |
| SAP_SE | SAP Master Data Governance Material | 619 | affected |
| SAP_SE | SAP Master Data Governance Material | 620 | affected |
| SAP_SE | SAP Master Data Governance Material | 621 | affected |
| SAP_SE | SAP Master Data Governance Material | 622 | affected |
| SAP_SE | SAP Master Data Governance Material | 800 | affected |
| SAP_SE | SAP Master Data Governance Material | 801 | affected |
| SAP_SE | SAP Master Data Governance Material | 802 | affected |
| SAP_SE | SAP Master Data Governance Material | 803 | affected |
| SAP_SE | SAP Master Data Governance Material | 804 | affected |
Weaknesses
- CWE-862: CWE-862: Missing Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://me.sap.com/notes/2897391
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
References
- https://me.sap.com/notes/2897391
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.