CVE-2024-39592
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Summary
Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
This allows an attacker to read sensitive information causing high impact on the confidentiality of the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP PDCE | S4CORE 102 | affected |
| SAP_SE | SAP PDCE | S4CORE 103 | affected |
| SAP_SE | SAP PDCE | S4COREOP 104 | affected |
| SAP_SE | SAP PDCE | S4COREOP 105 | affected |
| SAP_SE | SAP PDCE | S4COREOP 106 | affected |
| SAP_SE | SAP PDCE | S4COREOP 107 | affected |
| SAP_SE | SAP PDCE | S4COREOP 108 | affected |
Weaknesses
- CWE-862: CWE-862: Missing Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.