Attacker Can Change Privacy Setting of Job Templates from Shared to Private
CVE-2024-27900

4.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP Abap Platform
Vendor: CVE Published:; 12 March 2024

Summary

Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner.

Affected Version(s)

SAP ABAP Platform 758

SAP ABAP Platform 795

References

https://me.sap.com/notes/3419022

https://support.sap.com/en/my-support/knowledge-base/secu...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 12, 2024
Vulnerability Reserved
Feb 27, 2024