SAP Master Data Governance for Material Data Vulnerability: Escalation of Privileges
CVE-2024-24741

4.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP Master Data Governance Material
Vendor: CVE Published:; 13 February 2024

Summary

SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact to integrity and availability.

Affected Version(s)

SAP Master Data Governance Material 618

SAP Master Data Governance Material 619

SAP Master Data Governance Material 620

References

https://me.sap.com/notes/2897391

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2024
Vulnerability Reserved
Jan 29, 2024