CVE-2024-37172

{"id": "CVE-2024-37172", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2024-07-09T05:15:11.607", "references": [{"url": "https://me.sap.com/notes/3457354", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://me.sap.com/notes/3457354", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "SAP S/4HANA Finance (Advanced Payment\nManagement) does not perform necessary authorization check for an authenticated\nuser, resulting in escalation of privileges. As a result, it has a low impact\nto confidentiality and availability but there is no impact on the integrity."}, {"lang": "es", "value": "SAP S/4HANA Finance (Advanced Payment Management) no realiza la verificaci\u00f3n de autorizaci\u00f3n necesaria para un usuario autenticado, lo que resulta en una escalada de privilegios. Como resultado, tiene un bajo impacto en la confidencialidad y la disponibilidad, pero no tiene ning\u00fan impacto en la integridad."}], "lastModified": "2024-11-21T09:23:21.367", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:s4core:107:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DEFABE8-1797-4C7B-941C-3205AE90914B"}, {"criteria": "cpe:2.3:a:sap:s4core:108:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78832FB6-B1DD-4516-B1DF-D90BB58BF25A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:s\\/4hana:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "61225714-D573-435F-9423-7AE6A8ED59BC"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cna@sap.com"}