Vulnerabilities > CVE-2024-39591 - Missing Authorization vulnerability in SAP Document Builder

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

CWE-862

NVD

Published: 2024-08-13

Updated: 2024-09-12

Summary

SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Document Builder Sap_Bs_Fnd_702 SAP Document Builder S4Fnd_102 SAP Document Builder S4Fnd_103 SAP Document Builder S4Fnd_104 SAP Document Builder S4Fnd_105 SAP Document Builder S4Fnd_106 SAP Document Builder S4Fnd_107 SAP Document Builder S4Fnd_108 SAP Document Builder Sap_Bs_Fnd_731 SAP Document Builder Sap_Bs_Fnd_746 SAP Document Builder Sap_Bs_Fnd_747 SAP Document Builder Sap_Bs_Fnd_748	12

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References