CVE-2024-39592

Summary

Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

This allows an attacker to read sensitive information causing high impact on the confidentiality of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP PDCES4CORE 102affected
SAP_SESAP PDCES4CORE 103affected
SAP_SESAP PDCES4COREOP 104affected
SAP_SESAP PDCES4COREOP 105affected
SAP_SESAP PDCES4COREOP 106affected
SAP_SESAP PDCES4COREOP 107affected
SAP_SESAP PDCES4COREOP 108affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References