HIGH✓ PATCH🇬🇧 English

CVE-2024-39592

CVSS 7.7v3.1pub. 2024-07-09upd. 2024-11-21

Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information causing high impact on the confidentiality of the application.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  • Sap S4core

    APP
    Sap
    102103
  • Sap S4coreop

    APP
    Sap
    104105106107108
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2021-33701CRITICAL9.1ten sam produkt

DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730...

CVE-2018-2484HIGH8.8ten sam produkt

SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.1...

CVE-2026-23688MEDIUM4.3ten sam produkt

SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated...

CVE-2026-0505MEDIUM6.1ten sam produkt

The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not s...

CVE-2026-24323MEDIUM6.1ten sam produkt

The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL ...