Integrity Violations in Read-Only Fields
CVE-2024-45282

5.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP S/4 Hana (manage Bank Statements)
Vendor: CVE Published:; 8 October 2024

What is CVE-2024-45282?

Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted.

Affected Version(s)

SAP S/4 HANA (Manage Bank Statements) S4CORE

SAP S/4 HANA (Manage Bank Statements) 102

SAP S/4 HANA (Manage Bank Statements) 103

References

https://me.sap.com/notes/3251893

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 8, 2024
Vulnerability Reserved
Aug 26, 2024