CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2024-24741 – Missing Authorization check in SAP Master Data Governance Material
https://notcve.org/view.php?id=CVE-2024-24741
13 Feb 2024 — SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact to integrity and availability. SAP Master Data Governance for Material Data: versiones 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, no realiza la verificación de autorización necesaria para un usuario autentica... • https://me.sap.com/notes/2897391 • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 0CVE-2023-49058 – Directory Traversal vulnerability in SAP Master Data Governance
https://notcve.org/view.php?id=CVE-2023-49058
12 Dec 2023 — SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result, it has a low impact to the confidentiality. La aplicación SAP Master Data Governance File Upload permite a un atacante aprovechar la validación insuficiente de la información de ruta proporcionada por los usuarios, por lo que los caracteres que representan "... • https://me.sap.com/notes/3363690 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 10EXPL: 0CVE-2020-6256
https://notcve.org/view.php?id=CVE-2020-6256
12 May 2020 — SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authorization Check. SAP Master Data Governance, versiones - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, permite a usuarios mostrar los detalles de las peticiones de cambio sin tener las autorizaciones requeridas, debido a una Falta de Comprobación de Autorización. • https://launchpad.support.sap.com/#/notes/2912747 • CWE-862: Missing Authorization •