Skip to main content

S 4Hana CVE-2023-24524

MEDIUM
Missing Authorization (CWE-862)
2023-02-14 cna@sap.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 14, 2023 - 04:15 nvd
MEDIUM 6.5

DescriptionNVD

SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to delete the data with a high impact to availability.

AnalysisAI

SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Missing Authorization (CWE-862), which allows attackers to access resources or perform actions without proper authorization checks. SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to delete the data with a high impact to availability. Affected products include: Sap S\/4Hana.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement role-based access control, validate authorization on every request server-side, apply principle of least privilege.

CVE-2021-38176 HIGH
8.8 Sep 14

Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT functi

CVE-2022-31589 MEDIUM
6.5 Jun 14

Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction

CVE-2023-40306 MEDIUM
6.1 Sep 08

SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a maliciou

CVE-2020-6184 MEDIUM
6.1 Feb 12

Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS ver

CVE-2023-42473 MEDIUM
5.4 Oct 10

S/4HANA Manage (Withholding Tax Items) - version 106, does not perform necessary authorization checks for an authenticat

CVE-2022-31597 MEDIUM
5.4 Jul 12

Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extens

CVE-2020-6212 MEDIUM
5.4 Apr 24

Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (version

CVE-2020-6185 MEDIUM
5.4 Feb 12

Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS vers

CVE-2022-32248 MEDIUM
5.3 Jul 12

Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106

CVE-2020-6214 MEDIUM
4.7 Apr 14

SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. Rated m

CVE-2023-42475 MEDIUM
4.3 Oct 10

The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker

CVE-2020-6316 MEDIUM
4.3 Nov 10

SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in

Share

CVE-2023-24524 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy