CVE-2024-4139
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and Availability are not affected.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) | SAPSCORE 131 | affected |
| SAP_SE | SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) | S4CORE 105 | affected |
| SAP_SE | SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) | S4CORE 106 | affected |
| SAP_SE | SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) | S4CORE 107 | affected |
| SAP_SE | SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) | S4CORE 108 | affected |
Weaknesses
- CWE-862: CWE-862: Missing Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://me.sap.com/notes/3434666
- https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html
References
- https://me.sap.com/notes/3434666
- https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.