CVE-2024-39591

SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3477423	Permissions Required
https://url.sap/sapsecuritypatchday	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:document_builder:s4fnd_102:::::::*
	cpe:2.3:a:sap:document_builder:s4fnd_103:::::::*
	cpe:2.3:a:sap:document_builder:s4fnd_104:::::::*
	cpe:2.3:a:sap:document_builder:s4fnd_105:::::::*
	cpe:2.3:a:sap:document_builder:s4fnd_106:::::::*
	cpe:2.3:a:sap:document_builder:s4fnd_107:::::::*
	cpe:2.3:a:sap:document_builder:s4fnd_108:::::::*
	cpe:2.3:a:sap:document_builder:sap_bs_fnd_702:::::::*
	cpe:2.3:a:sap:document_builder:sap_bs_fnd_731:::::::*
	cpe:2.3:a:sap:document_builder:sap_bs_fnd_746:::::::*
	cpe:2.3:a:sap:document_builder:sap_bs_fnd_747:::::::*
	cpe:2.3:a:sap:document_builder:sap_bs_fnd_748:::::::*

History

No history.

Information

Published : 2024-08-13 05:15

Updated : 2024-09-12 13:29

NVD link : CVE-2024-39591

Mitre link : CVE-2024-39591

CVE.ORG link : CVE-2024-39591

JSON object : View

Products Affected

sap

document_builder

CWE

CWE-862

Missing Authorization

{"id": "CVE-2024-39591", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-08-13T05:15:13.347", "references": [{"url": "https://me.sap.com/notes/3477423", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application."}, {"lang": "es", "value": "SAP Document Builder no realiza las comprobaciones de autorizaci\u00f3n necesarias para uno de los m\u00f3dulos de funciones, lo que da como resultado una escalada de privilegios que tiene un bajo impacto en la confidencialidad de la aplicaci\u00f3n."}], "lastModified": "2024-09-12T13:29:47.207", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:document_builder:s4fnd_102:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3273C74F-E5FE-47A2-B7F8-E76095A64359"}, {"criteria": "cpe:2.3:a:sap:document_builder:s4fnd_103:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65DD3306-BD29-4E59-A0BE-7BEFB80E83A5"}, {"criteria": "cpe:2.3:a:sap:document_builder:s4fnd_104:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49820851-29AD-4467-9CC9-6938197538A7"}, {"criteria": "cpe:2.3:a:sap:document_builder:s4fnd_105:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6012CA9C-F45A-44FD-84A2-960D41638458"}, {"criteria": "cpe:2.3:a:sap:document_builder:s4fnd_106:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25337ED2-24AC-4329-89FE-2ACC8F806721"}, {"criteria": "cpe:2.3:a:sap:document_builder:s4fnd_107:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A48BA465-1906-4E24-BCC4-43677988EE56"}, {"criteria": "cpe:2.3:a:sap:document_builder:s4fnd_108:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7562A2A3-BBA4-4FE7-800C-1D0A9FD750D8"}, {"criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_702:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A14342E-3477-457C-AF13-54AFFA9DE1C0"}, {"criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_731:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1FA8D4E-C6EB-4DD9-9729-0CE94FC1023D"}, {"criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_746:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2ED89F2-6C57-4393-9D7C-EF02C399F514"}, {"criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_747:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D738350-C117-4248-9334-2D1540986E34"}, {"criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_748:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9242A4C0-3C2B-4877-A3CA-F17C2A036162"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}