4.3

CVE-2024-24741

EPSS 0.15%
Published 13.02.2024 04:15:08
Last modified 21.11.2024 08:59:36
Source cna@sap.com
Teams watchlist Login
Open Login

SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact to integrity and availability.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

SAP ≫ Master Data Governance For Material Data Version618

SAP ≫ Master Data Governance For Material Data Version619

SAP ≫ Master Data Governance For Material Data Version620

SAP ≫ Master Data Governance For Material Data Version621

SAP ≫ Master Data Governance For Material Data Version622

SAP ≫ Master Data Governance For Material Data Version800

SAP ≫ Master Data Governance For Material Data Version801

SAP ≫ Master Data Governance For Material Data Version802

SAP ≫ Master Data Governance For Material Data Version803

SAP ≫ Master Data Governance For Material Data Version804

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.15%	0.367

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
cna@sap.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Vendor Advisory

https://me.sap.com/notes/2897391

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2024-24741

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-24741

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-24741

EUVD