CVE-2024-41736

Summary

Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Permit to WorkUIS4HOP1 800affected
SAP_SESAP Permit to Work900affected

Weaknesses

  • CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References