exploitDog

CVE-2024-22133

Опубликовано: 12 мар. 2024

Источник: nvd

CVSS3: 4.6

CVSS3: 6.5

EPSS Низкий

Описание

SAP Fiori Front End Server - version 605, allows altering of approver details on the read-only field when sending leave request information. This could lead to creation of request with incorrect approver causing low impact on Confidentiality and Integrity with no impact on Availability of the application.

Ссылки

https://me.sap.com/notes/3417399
Permissions Required
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364
Vendor Advisory
https://me.sap.com/notes/3417399
Permissions Required
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:fiori_front_end_server:605:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00362

Низкий

4.6 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-66xc-mh6m-4xpc

CVSS3: 4.6

github

почти 2 года назад

SAP Fiori Front End Server - version 605, allows altering of approver details on the read-only field when sending leave request information. This could lead to creation of request with incorrect approver causing low impact on Confidentiality and Integrity with no impact on Availability of the application.

EPSS

Процентиль: 58%

0.00362

Низкий

4.6 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-863