Insufficient Authorization Checks Lead to Sensitive Information Exposure

CVE-2024-39592

6.5MEDIUM

Key Information

Vendor: SAP
Status: SAP Pdce
Vendor: CVE Published:; 9 July 2024

Badges

📰 News Worthy

Summary

Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information causing high impact on the confidentiality of the application.

Affected Version(s)

SAP PDCE = S4CORE 102

SAP PDCE = S4CORE 103

SAP PDCE = S4COREOP 104

News Articles

prophaze.com

CVE-2024-39592

CVE-2024-39592 : SAP PDCE S4CORE 102 UP TO S4COREOP 107 AUTHORIZATION - Cloud WAF

CVE-2024-39592 : Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

5 months ago

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

First article discovered by prophaze.com
Jul 9, 2024
Vulnerability published.
Jul 9, 2024
Vulnerability Reserved.
Jun 26, 2024

Collectors

NVD DatabaseMitre Database1 News Article(s)