5.5

CVE-2024-37176

SAP BW/4HANA Transformation and Data Transfer
Process (DTP) allows an authenticated attacker to gain higher access levels
than they should have by exploiting improper authorization checks. This results
in escalation of privileges. It has no impact on the confidentiality of data
but may have low impacts on the integrity and availability of the application.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAPBw/4hana Version300
SAPBw/4hana Version400
SAPBw/4hana Version750
SAPBw/4hana Version751
SAPBw/4hana Version752
SAPBw/4hana Version753
SAPBw/4hana Version754
SAPBw/4hana Version755
SAPBw/4hana Version756
SAPBw/4hana Version757
SAPBw/4hana Version758
SAPBw/4hana Version796
SAPBw/4hana Versiondw4core_200
SAPBw/4hana Versionsap_bw_740
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.1% 0.282
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.4 2.8 2.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
cna@sap.com 5.5 2.3 2.7
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://me.sap.com/notes/3465455
Permissions Required