CVE-2024-4139
Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)
Severity Score
4.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and Availability are not affected.
Manage Bank Statement ReProcessing Rules no realiza las verificaciones de autorizaciĆ³n necesarias para un usuario autenticado, lo que resulta en una escalada de privilegios. Al explotar esta vulnerabilidad, un atacante puede eliminar reglas de otros usuarios que afecten la integridad de la aplicaciĆ³n. La confidencialidad y la disponibilidad no se ven afectadas.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-04-24 CVE Reserved
- 2024-05-14 CVE Published
- 2024-05-14 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://me.sap.com/notes/3434666 | ||
| https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| SAP SE Search vendor "SAP SE" | SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) Search vendor "SAP SE" for product "SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)" | 131 Search vendor "SAP SE" for product "SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)" and version "131" | en |
Affected
| ||||||