Vulnerabilities > CVE-2024-24741 - Missing Authorization vulnerability in SAP Master Data Governance for Material Data

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

CWE-862

NVD

Published: 2024-02-13

Updated: 2024-10-16

Summary

SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact to integrity and availability.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Master Data Governance FOR Material Data 618 SAP Master Data Governance FOR Material Data 619 SAP Master Data Governance FOR Material Data 620 SAP Master Data Governance FOR Material Data 621 SAP Master Data Governance FOR Material Data 622 SAP Master Data Governance FOR Material Data 800 SAP Master Data Governance FOR Material Data 801 SAP Master Data Governance FOR Material Data 802 SAP Master Data Governance FOR Material Data 803 SAP Master Data Governance FOR Material Data 804	10

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References