Vulnerabilities > CVE-2024-27900 - Unspecified vulnerability in SAP Abap Platform 758/795

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2024-03-12

Updated: 2025-02-26

Summary

Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Abap Platform 758 SAP Abap Platform 795	2

References

https://me.sap.com/notes/3419022
https://me.sap.com/notes/3419022
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364