Integrity Violations in Read-Only Fields

CVE-2024-45282

5.3MEDIUM

Key Information

Vendor: SAP
Status: SAP S/4 Hana (manage Bank Statements)
Vendor: CVE Published:; 8 October 2024

Summary

Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted.

Affected Version(s)

SAP S/4 HANA (Manage Bank Statements) = S4CORE

SAP S/4 HANA (Manage Bank Statements) = 102

SAP S/4 HANA (Manage Bank Statements) = 103

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Oct 8, 2024
Vulnerability Reserved.
Aug 26, 2024

Collectors

NVD DatabaseMitre Database