CVE-2023-41368
Insecure Direct Object Reference (IDOR) vulnerability in S4 HANA (Manage checkbook apps)
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The OData service of the S4 HANA (Manage checkbook apps) - versions 102, 103, 104, 105, 106, 107, allows an attacker to change the checkbook name by simulating an update OData call.
El servicio OData de S4 HANA (Manage checkbook apps), versiones 102, 103, 104, 105, 106, 107, permite a un atacante cambiar el nombre del checkbook simulando una llamada OData de actualizaciĆ³n.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-08-29 CVE Reserved
- 2023-09-12 CVE Published
- 2024-08-02 CVE Updated
- 2024-09-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-639: Authorization Bypass Through User-Controlled Key
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | 2023-09-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | S\/4 Hana Search vendor "Sap" for product "S\/4 Hana" | 102 Search vendor "Sap" for product "S\/4 Hana" and version "102" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | S\/4 Hana Search vendor "Sap" for product "S\/4 Hana" | 103 Search vendor "Sap" for product "S\/4 Hana" and version "103" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | S\/4 Hana Search vendor "Sap" for product "S\/4 Hana" | 104 Search vendor "Sap" for product "S\/4 Hana" and version "104" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | S\/4 Hana Search vendor "Sap" for product "S\/4 Hana" | 105 Search vendor "Sap" for product "S\/4 Hana" and version "105" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | S\/4 Hana Search vendor "Sap" for product "S\/4 Hana" | 106 Search vendor "Sap" for product "S\/4 Hana" and version "106" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | S\/4 Hana Search vendor "Sap" for product "S\/4 Hana" | 107 Search vendor "Sap" for product "S\/4 Hana" and version "107" | - |
Affected
| ||||||