SAP S/4HANA Vulnerability Could Expose Internal User Data
CVE-2024-44121

4.3MEDIUM

Key Information:

Vendor
SAP
Status
SAP S/4 Hana (statutory Reports)
Vendor
CVE Published:
10 September 2024

Summary

Under certain conditions Statutory Reports in SAP S/4 HANA allows an attacker with basic privileges to access information which would otherwise be restricted. The vulnerability could expose internal user data that should remain confidential. It does not impact the integrity and availability of the application

Affected Version(s)

SAP S/4 HANA (Statutory Reports) 900

References

https://me.sap.com/notes/3437585
https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.