CVE-2024-4139

Summary

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and Availability are not affected.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP S/4 HANA (Manage Bank Statement Reprocessing Rules)SAPSCORE 131affected
SAP_SESAP S/4 HANA (Manage Bank Statement Reprocessing Rules)S4CORE 105affected
SAP_SESAP S/4 HANA (Manage Bank Statement Reprocessing Rules)S4CORE 106affected
SAP_SESAP S/4 HANA (Manage Bank Statement Reprocessing Rules)S4CORE 107affected
SAP_SESAP S/4 HANA (Manage Bank Statement Reprocessing Rules)S4CORE 108affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References