Lucene search

SapCVELIST:CVE-2024-21736

HistoryJan 09, 2024 - 1:15 a.m.

CVE-2024-21736 Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management)

2024-01-0901:15:17

CWE-285

sap

www.cve.org

cve-2024-21736

missing authorization check

sap s/4hana finance

advanced payment management

sapscore 128

s4core 107

in-house bank accounts

confidentiality

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

SAP S/4HANA Finance for (Advanced Payment Management) - versions SAPSCORE 128, S4CORE 107, does not perform necessary authorization checks. A function import could be triggered allowing the attacker to create in-house bank accounts leading to low impact on the confidentiality of the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP S/4HANA Finance (Advanced Payment Management)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "SAPSCORE 128"
      },
      {
        "status": "affected",
        "version": "S4CORE 107"
      }
    ]
  }
]

References

me.sap.com/notes/3260667

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVELIST:CVE-2024-21736