4Hana

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

LOW

network

low complexity

sap

CWE-862

NVD

Published: 2024-06-11

Updated: 2024-08-09

Summary

SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low impacts on the integrity and availability of the application.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Bw/4Hana 300 SAP Bw/4Hana 400 SAP Bw/4Hana 796 SAP Bw/4Hana Sap_Bw_740 SAP Bw/4Hana 750 SAP Bw/4Hana 751 SAP Bw/4Hana 752 SAP Bw/4Hana 753 SAP Bw/4Hana 754 SAP Bw/4Hana 755 SAP Bw/4Hana 756 SAP Bw/4Hana 757 SAP Bw/4Hana 758 SAP Bw/4Hana Dw4Core_200	14

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References