Vulnerabilities > CVE-2023-24528 - Missing Authorization vulnerability in SAP Fiori 600

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
sap
CWE-862

Summary

SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data. This endpoint is normally exposed over the network and successful exploitation can lead to exposure of data like travel documents.

Vulnerable Configurations

Part Description Count
Application
Sap
1

Common Weakness Enumeration (CWE)