CVE-2023-24524

6.5MEDIUM

Key Information:

Vendor: SAP
Status: S/4 HANA (Map Treasury Correspondence Format Data)
Vendor: CVE Published:; 14 February 2023

Summary

SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to delete the data with a high impact to availability.

Affected Version(s)

S/4 HANA (Map Treasury Correspondence Format Data) 104

S/4 HANA (Map Treasury Correspondence Format Data) 105

References

https://launchpad.support.sap.com/#/notes/2985905

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 14, 2023
Vulnerability Reserved
Jan 25, 2023