CVE-2024-47587

{"id": "CVE-2024-47587", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.1}]}, "published": "2024-11-12T01:15:04.470", "references": [{"url": "https://me.sap.com/notes/3498470", "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Cash Operations does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges causing low impact to confidentiality to the application."}, {"lang": "es", "value": "Las operaciones de efectivo no realizan la verificaci\u00f3n de autorizaci\u00f3n necesaria para un usuario autenticado, lo que genera una escalada de privilegios que tiene un impacto bajo en la confidencialidad de la aplicaci\u00f3n."}], "lastModified": "2024-11-12T13:55:21.227", "sourceIdentifier": "cna@sap.com"}