CVE-2024-24739

EPSS 0.11%
Veröffentlicht 13.02.2024 03:15:08
Zuletzt bearbeitet 21.11.2024 08:59:35
Quelle cna@sap.com
Teams Watchlist Login
Unerledigt Login

SAP Bank Account Management (BAM) allows an authenticated user with restricted access to use functions which can result in escalation of privileges with low impact on confidentiality, integrity and availability of the application.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ Bank Account Management Versions4core_100

SAP ≫ Bank Account Management Versions4core_101

SAP ≫ Bank Account Management Versionsap_fin_618

SAP ≫ Bank Account Management Versionsap_fin_730

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.299

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@sap.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Vendor Advisory

https://me.sap.com/notes/2637727

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2024-24739

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-24739

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-24739

EUVD