CVE-2024-39592

Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information causing high impact on the confidentiality of the application.

CVSS v3 7.7 HIGH

7.7^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.1 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://me.sap.com/notes/3483344	Permissions Required
https://url.sap/sapsecuritypatchday	Vendor Advisory
https://me.sap.com/notes/3483344	Permissions Required
https://url.sap/sapsecuritypatchday	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:s4core:102:::::::*
	cpe:2.3:a:sap:s4core:103:::::::*
	cpe:2.3:a:sap:s4coreop:104:::::::*
	cpe:2.3:a:sap:s4coreop:105:::::::*
	cpe:2.3:a:sap:s4coreop:106:::::::*
	cpe:2.3:a:sap:s4coreop:107:::::::*
	cpe:2.3:a:sap:s4coreop:108:::::::*

History

No history.

Information

Published : 2024-07-09 04:15

Updated : 2024-11-21 09:28

NVD link : CVE-2024-39592

Mitre link : CVE-2024-39592

CVE.ORG link : CVE-2024-39592

JSON object : View

Products Affected

sap

s4coreop
s4core

CWE

CWE-862

Missing Authorization

{"id": "CVE-2024-39592", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 3.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-07-09T04:15:13.420", "references": [{"url": "https://me.sap.com/notes/3483344", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://me.sap.com/notes/3483344", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Elements of PDCE does not perform necessary\nauthorization checks for an authenticated user, resulting in escalation of\nprivileges.\n\n\n\nThis\nallows an attacker to read sensitive information causing high impact on the\nconfidentiality of the application."}, {"lang": "es", "value": "Elements of PDCE no realiza las verificaciones de autorizaci\u00f3n necesarias para un usuario autenticado, lo que resulta en una escalada de privilegios. Esto permite a un atacante leer informaci\u00f3n confidencial causando un alto impacto en la confidencialidad de la aplicaci\u00f3n."}], "lastModified": "2024-11-21T09:28:04.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:s4core:102:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04C95A73-48EB-446C-A5F0-20E1D6BC1779"}, {"criteria": "cpe:2.3:a:sap:s4core:103:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C3C9003-68A6-4886-8979-9B7D01A35E40"}, {"criteria": "cpe:2.3:a:sap:s4coreop:104:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "666D246E-3DF3-494C-8BD6-6C2F7C0D78C3"}, {"criteria": "cpe:2.3:a:sap:s4coreop:105:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6B6F939-A3CD-4C0C-A6E7-E3BD4ADB5288"}, {"criteria": "cpe:2.3:a:sap:s4coreop:106:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02AEDF75-D0D4-4221-BB40-9A8DC51FA84D"}, {"criteria": "cpe:2.3:a:sap:s4coreop:107:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81ABE589-A7D1-42EF-B5A9-A94C8D0AE3AF"}, {"criteria": "cpe:2.3:a:sap:s4coreop:108:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C1E9400-4CEB-4185-BC03-72B7F59DF03C"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}