CVE-2024-39596

Summary

Due to missing authorization checks, SAP Enable Now allows an author to escalate privileges to access information which should otherwise be restricted. On successful exploitation, the attacker can cause limited impact on confidentiality of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Enable NowWPB_MANAGER_CE 10affected
SAP_SESAP Enable NowWPB_MANAGER_HANA 10affected
SAP_SESAP Enable NowENABLE_NOW_CONSUMP_DEL 1704affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References