CVE-2024-45282

Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3251893	Permissions Required
https://url.sap/sapsecuritypatchday	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:s\/4_hana:102:::::::*
	cpe:2.3:a:sap:s\/4_hana:103:::::::*
	cpe:2.3:a:sap:s\/4_hana:104:::::::*
	cpe:2.3:a:sap:s\/4_hana:105:::::::*
	cpe:2.3:a:sap:s\/4_hana:106:::::::*
	cpe:2.3:a:sap:s\/4_hana:107:::::::*

History

No history.

Information

Published : 2024-10-08 04:15

Updated : 2024-11-14 17:56

NVD link : CVE-2024-45282

Mitre link : CVE-2024-45282

CVE.ORG link : CVE-2024-45282

JSON object : View

Products Affected

sap

s\/4_hana

CWE

CWE-650

Trusting HTTP Permission Methods on the Server Side

{"id": "CVE-2024-45282", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-10-08T04:15:08.633", "references": [{"url": "https://me.sap.com/notes/3251893", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-650"}]}], "descriptions": [{"lang": "en", "value": "Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted."}, {"lang": "es", "value": "Los campos que est\u00e1n en estado de \"solo lectura\" en Bank Statement Draft in Manage Bank Statements application. La propiedad de una entidad OData que representa un m\u00e9todo supuestamente inmutable no est\u00e1 protegida contra modificaciones externas que provoquen violaciones de integridad. La confidencialidad y la disponibilidad no se ven afectadas."}], "lastModified": "2024-11-14T17:56:17.007", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:s\\/4_hana:102:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EE80980-12A5-40D7-8992-5C81FC82935E"}, {"criteria": "cpe:2.3:a:sap:s\\/4_hana:103:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82AAE66A-7112-4E83-9094-2AA571144F64"}, {"criteria": "cpe:2.3:a:sap:s\\/4_hana:104:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFF0FD31-F4F3-470A-9CB5-DE339D7334FF"}, {"criteria": "cpe:2.3:a:sap:s\\/4_hana:105:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A52E5AE7-D16E-4122-A39E-20A2CAB9A146"}, {"criteria": "cpe:2.3:a:sap:s\\/4_hana:106:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAEF60F9-E053-4D22-AA65-9C1CA5130374"}, {"criteria": "cpe:2.3:a:sap:s\\/4_hana:107:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8606117E-F864-474F-8839-F6BAB51113E0"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}