CVE-2024-39591
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP Document Builder | S4FND 102 | affected |
| SAP_SE | SAP Document Builder | S4FND 103 | affected |
| SAP_SE | SAP Document Builder | S4FND 104 | affected |
| SAP_SE | SAP Document Builder | S4FND 105 | affected |
| SAP_SE | SAP Document Builder | S4FND 106 | affected |
| SAP_SE | SAP Document Builder | S4FND 107 | affected |
| SAP_SE | SAP Document Builder | S4FND 108 | affected |
| SAP_SE | SAP Document Builder | SAP_BS_FND 702 | affected |
| SAP_SE | SAP Document Builder | SAP_BS_FND 731 | affected |
| SAP_SE | SAP Document Builder | SAP_BS_FND 746 | affected |
| SAP_SE | SAP Document Builder | SAP_BS_FND 747 | affected |
| SAP_SE | SAP Document Builder | SAP_BS_FND 748 | affected |
Weaknesses
- CWE-862: CWE-862: Missing Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.