CVE-2024-30216

Summary

Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, attacker can add notes in the review request with 'completed' status affecting the integrity of the application. Confidentiality and Availability are not impacted.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP S/4 HANA (Cash Management)S4CORE 103affected
SAP_SESAP S/4 HANA (Cash Management)S4CORE 104affected
SAP_SESAP S/4 HANA (Cash Management)S4CORE 105affected
SAP_SESAP S/4 HANA (Cash Management)S4CORE 106affected
SAP_SESAP S/4 HANA (Cash Management)S4CORE 107affected
SAP_SESAP S/4 HANA (Cash Management)S4CORE 108affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References