CVE-2024-4138 – Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)
https://notcve.org/view.php?id=CVE-2024-4138
Manage Bank Statement ReProcessing Rules does not perform the necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable or disable the sharing rule of other users, affecting the integrity of the application. Confidentiality and Availability are not affected.
• https://me.sap.com/notes/3434666
• https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html
• CWE-862: Missing Authorization
CVE-2024-4139 – Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)
https://notcve.org/view.php?id=CVE-2024-4139
Manage Bank Statement ReProcessing Rules does not perform the necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users, affecting the integrity of the application. Confidentiality and Availability are not affected.
• https://me.sap.com/notes/3434666
• https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html
• CWE-862: Missing Authorization
CVE-2024-28165 – Cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2024-28165
SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS, allowing an attacker to manipulate a parameter in the Opendocument URL, which could lead to high impact on Confidentiality and Integrity of the application.
• https://me.sap.com/notes/3431794
• https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33000 – Missing Authorization check in SAP Bank Account Management
https://notcve.org/view.php?id=CVE-2024-33000
SAP Bank Account Management does not perform the necessary authorization check for an authorized user, resulting in escalation of privileges. As a result, it has a low impact on the confidentiality of the system.
• https://me.sap.com/notes/3392049
• https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html
• CWE-862: Missing Authorization
CVE-2024-33008 – Memory Corruption vulnerability in SAP Replication Server
https://notcve.org/view.php?id=CVE-2024-33008
SAP Replication Server allows an attacker to use the gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption, with high impact on Availability of the system.
• https://me.sap.com/notes/3349468
• https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html
• CWE-787: Out-of-bounds Write