6.3
CVE-2024-24739
- EPSS 0.11%
- Published 13.02.2024 03:15:08
- Last modified 21.11.2024 08:59:35
- Source cna@sap.com
- Teams watchlist Login
- Open Login
SAP Bank Account Management (BAM) allows an authenticated user with restricted access to use functions which can result in escalation of privileges with low impact on confidentiality, integrity and availability of the application.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Bank Account Management Versions4core_100
SAP ≫ Bank Account Management Versions4core_101
SAP ≫ Bank Account Management Versionsap_fin_618
SAP ≫ Bank Account Management Versionsap_fin_730
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.299 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.3 | 2.8 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
| cna@sap.com | 6.3 | 2.8 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.