CVE-2024-37172 - Missing Authorization vulnerability in SAP S4Core 107/108

047910
CVSS 5.4 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: LOW
Integrity impact: NONE
Availability impact: LOW
Tags: network, low complexity, sap, CWE-862

Summary

SAP S/4HANA Finance (Advanced Payment Management) does not perform the necessary authorization check for an authenticated user, resulting in escalation of privileges. As a result, it has a low impact on confidentiality and availability, but there is no impact on integrity.

Vulnerable Configurations

Part: Application
Description: Sap
Count: 3

Common Weakness Enumeration (CWE)