- Description
- SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to delete the data with a high impact to availability.
- Source
- cna@sap.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
- cna@sap.com
- CWE-862
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:s\\/4hana:104:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "14A540DA-F234-4EEA-ADE8-4F6306A86C1E"
},
{
"criteria": "cpe:2.3:a:sap:s\\/4hana:105:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "088EF501-76F9-44EC-B8B9-AED6F6096C03"
}
],
"operator": "OR"
}
]
}
]