Lucene search

[email protected]CVE-2024-34691

HistoryJun 11, 2024 - 3:15 a.m.

CVE-2024-34691

2024-06-1103:15:11

CWE-862

[email protected]

web.nvd.nist.gov

cve-2024-34691

sap s/4hana

authorization

escalation of privileges

integrity

confidentiality

availability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Manage Incoming Payment Files (F1680) of SAP
S/4HANA does not perform necessary authorization checks for an authenticated
user, resulting in escalation of privileges. As a result, it has high impact on
integrity and no impact on the confidentiality and availability of the system.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP S/4HANA (Manage Incoming Payment Files)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "S4CORE 102"
      },
      {
        "status": "affected",
        "version": "103"
      },
      {
        "status": "affected",
        "version": "104"
      },
      {
        "status": "affected",
        "version": "105"
      },
      {
        "status": "affected",
        "version": "106"
      },
      {
        "status": "affected",
        "version": "107"
      },
      {
        "status": "affected",
        "version": "108"
      }
    ]
  }
]

References

me.sap.com/notes/3466175

support.sap.com/en/my-support/knowledge-base/security-notes-news.html

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-34691

cvelist1 nvd1