CVE-2024-45282

Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted.

CVSS v3.0 5.3 MEDIUM

5.3^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3251893	Permissions Required
https://url.sap/sapsecuritypatchday	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:s\/4_hana:102:::::::*
	cpe:2.3:a:sap:s\/4_hana:103:::::::*
	cpe:2.3:a:sap:s\/4_hana:104:::::::*
	cpe:2.3:a:sap:s\/4_hana:105:::::::*
	cpe:2.3:a:sap:s\/4_hana:106:::::::*
	cpe:2.3:a:sap:s\/4_hana:107:::::::*

History

14 Nov 2024, 17:56

Type	Values Removed	Values Added
CPE		cpe:2.3:a:sap:s\/4_hana:104:::::::* cpe:2.3:a:sap:s\/4_hana:102:::::::* cpe:2.3:a:sap:s\/4_hana:106:::::::* cpe:2.3:a:sap:s\/4_hana:105:::::::* cpe:2.3:a:sap:s\/4_hana:107:::::::* cpe:2.3:a:sap:s\/4_hana:103:::::::*
First Time		Sap Sap s\/4 Hana
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
References	~~() https://url.sap/sapsecuritypatchday -~~	() https://url.sap/sapsecuritypatchday - Vendor Advisory
References	~~() https://me.sap.com/notes/3251893 -~~	() https://me.sap.com/notes/3251893 - Permissions Required

08 Oct 2024, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-08 04:15

Updated : 2024-11-14 17:56

NVD link : CVE-2024-45282

Mitre link : CVE-2024-45282

JSON object : View

Products Affected

sap

s\/4_hana

CWE

CWE-650

Trusting HTTP Permission Methods on the Server Side

5.3 /10