CVE-2024-39591

Published Aug 13, 2024

Last updated 2 months ago

CVSS medium 5.3

Overview

Description: SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application.
Source: cna@sap.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

cna@sap.com: CWE-862

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:document_builder:s4fnd_102:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3273C74F-E5FE-47A2-B7F8-E76095A64359"
          },
          {
            "criteria": "cpe:2.3:a:sap:document_builder:s4fnd_103:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65DD3306-BD29-4E59-A0BE-7BEFB80E83A5"
          },
          {
            "criteria": "cpe:2.3:a:sap:document_builder:s4fnd_104:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49820851-29AD-4467-9CC9-6938197538A7"
          },
          {
            "criteria": "cpe:2.3:a:sap:document_builder:s4fnd_105:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6012CA9C-F45A-44FD-84A2-960D41638458"
          },
          {
            "criteria": "cpe:2.3:a:sap:document_builder:s4fnd_106:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25337ED2-24AC-4329-89FE-2ACC8F806721"
          },
          {
            "criteria": "cpe:2.3:a:sap:document_builder:s4fnd_107:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A48BA465-1906-4E24-BCC4-43677988EE56"
          },
          {
            "criteria": "cpe:2.3:a:sap:document_builder:s4fnd_108:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7562A2A3-BBA4-4FE7-800C-1D0A9FD750D8"
          },
          {
            "criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_702:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A14342E-3477-457C-AF13-54AFFA9DE1C0"
          },
          {
            "criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_731:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1FA8D4E-C6EB-4DD9-9729-0CE94FC1023D"
          },
          {
            "criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_746:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2ED89F2-6C57-4393-9D7C-EF02C399F514"
          },
          {
            "criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_747:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D738350-C117-4248-9334-2D1540986E34"
          },
          {
            "criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_748:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9242A4C0-3C2B-4877-A3CA-F17C2A036162"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References