CVE-2024-39591

Summary

SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Document BuilderS4FND 102affected
SAP_SESAP Document BuilderS4FND 103affected
SAP_SESAP Document BuilderS4FND 104affected
SAP_SESAP Document BuilderS4FND 105affected
SAP_SESAP Document BuilderS4FND 106affected
SAP_SESAP Document BuilderS4FND 107affected
SAP_SESAP Document BuilderS4FND 108affected
SAP_SESAP Document BuilderSAP_BS_FND 702affected
SAP_SESAP Document BuilderSAP_BS_FND 731affected
SAP_SESAP Document BuilderSAP_BS_FND 746affected
SAP_SESAP Document BuilderSAP_BS_FND 747affected
SAP_SESAP Document BuilderSAP_BS_FND 748affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References