Vulnerabilities > CVE-2024-25643 - Missing Authorization vulnerability in SAP Fiori 605

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

CWE-862

NVD

Published: 2024-02-13

Updated: 2024-10-16

Summary

The SAP Fiori app (My Overtime Request) - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. It is possible to manipulate the URLs of data requests to access information that the user should not have access to. There is no impact on integrity and availability.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Fiori 605	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://me.sap.com/notes/3237638
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html