CVE-2024-24741

Published Feb 13, 2024

Last updated 4 months ago

CVSS medium 4.3

Overview

Description: SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact to integrity and availability.
Source: cna@sap.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

cna@sap.com: CWE-862

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance_for_material_data:618:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11DBE392-E087-47C1-A929-C2106BBD765F"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance_for_material_data:619:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A54FC8EC-AFCE-47F4-83D6-A670CCED00F4"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance_for_material_data:620:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC15EBBD-B074-4BAA-A725-DCD66138DAD8"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance_for_material_data:621:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23B8D5F8-219C-47F4-98B7-E5B124563107"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance_for_material_data:622:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA569B7D-9360-4B22-8F04-076CA8FC0EC3"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance_for_material_data:800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20E3C861-0668-42FD-BD02-539861F1CBDC"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance_for_material_data:801:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C66BC0C1-702E-44BB-AA5C-02011760B0A2"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance_for_material_data:802:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40EAAF80-6111-4ED7-9460-DC48576F52D0"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance_for_material_data:803:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8F9E8C5-3C69-4E7A-8946-8A9B92698B7B"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance_for_material_data:804:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F74B545-1CD8-4405-8640-C27BE6715DC5"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References