← Back

CVE-2024-37176

nvd nist
Published: Jun 11, 2024Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Exploitability: 2.8 / Impact: 2.5
Source: NVD

Description

SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low impacts on the integrity and availability of the application.

Affected (14)

Products: Sap: Bw/4hana
Sap
1 product
Bw/4hana
Configuration A
14 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Bw/4hana
Version 300
Bw/4hana
Version 400
Bw/4hana
Version 750
Bw/4hana
Version 751
Bw/4hana
Version 752
Bw/4hana
Version 753
Bw/4hana
Version 754
Bw/4hana
Version 755
Bw/4hana
Version 756
Bw/4hana
Version 757
Bw/4hana
Version 758
Bw/4hana
Version 796
Bw/4hana
Version dw4core_200
Bw/4hana
Version sap_bw_740

Related CWEs

CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

Source: cna@sap.com
Permissions Required
Source: cna@sap.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.