exploitDog

CVE-2023-24524

Опубликовано: 14 фев. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to delete the data with a high impact to availability.

Ссылки

https://launchpad.support.sap.com/#/notes/2985905
Permissions Required
Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Vendor Advisory
https://launchpad.support.sap.com/#/notes/2985905
Permissions Required
Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:s\/4hana:104:*:*:*:*:*:*:*

cpe:2.3:a:sap:s\/4hana:105:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00213

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-h6rv-p7g5-c45x

CVSS3: 6.5

github

почти 3 года назад

SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to delete the data with a high impact to availability.

EPSS

Процентиль: 44%

0.00213

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-862