Vulnerabilities > CVE-2024-42376 - Missing Authorization vulnerability in SAP Shared Service Framework

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

CWE-862

NVD

Published: 2024-08-13

Updated: 2024-09-12

Summary

SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. On successful exploitation, an attacker can cause a high impact on confidentiality of the application.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Shared Service Framework Sap_Bs_Fnd_702 SAP Shared Service Framework Sap_Bs_Fnd_731 SAP Shared Service Framework Sap_Bs_Fnd_746 SAP Shared Service Framework Sap_Bs_Fnd_747 SAP Shared Service Framework Sap_Bs_Fnd_748	5

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://me.sap.com/notes/3474590
https://url.sap/sapsecuritypatchday