CVE-2024-45282

EPSS 0.14%
Veröffentlicht 08.10.2024 04:15:08
Zuletzt bearbeitet 14.11.2024 17:56:17
Quelle cna@sap.com
Teams Watchlist Login
Unerledigt Login

Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ S/4 Hana Version102

SAP ≫ S/4 Hana Version103

SAP ≫ S/4 Hana Version104

SAP ≫ S/4 Hana Version105

SAP ≫ S/4 Hana Version106

SAP ≫ S/4 Hana Version107

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.345

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
cna@sap.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-650 Trusting HTTP Permission Methods on the Server Side

The server contains a protection mechanism that assumes that any URI that is accessed using HTTP GET will not cause a state change to the associated resource. This might allow attackers to bypass intended access restrictions and conduct resource modification and deletion attacks, since some applications allow GET to modify state.

https://url.sap/sapsecuritypatchday

Vendor Advisory

https://me.sap.com/notes/3251893

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2024-45282

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45282

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45282

EUVD