CVE-2024-24739

SAP Bank Account Management (BAM) allows an authenticated user with restricted access to use functions which can result in escalation of privileges with low impact on confidentiality, integrity and availability of the application.

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/2637727	Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:bank_account_management:s4core_100:::::::*
	cpe:2.3:a:sap:bank_account_management:s4core_101:::::::*
	cpe:2.3:a:sap:bank_account_management:sap_fin_618:::::::*
	cpe:2.3:a:sap:bank_account_management:sap_fin_730:::::::*

History

16 Oct 2024, 21:20

Type	Values Removed	Values Added
References	~~() https://me.sap.com/notes/2637727 -~~	() https://me.sap.com/notes/2637727 - Permissions Required
References	~~() https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html -~~	() https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory
First Time		Sap Sap bank Account Management
CPE		cpe:2.3:a:sap:bank_account_management:sap_fin_730:::::::* cpe:2.3:a:sap:bank_account_management:s4core_101:::::::* cpe:2.3:a:sap:bank_account_management:s4core_100:::::::* cpe:2.3:a:sap:bank_account_management:sap_fin_618:::::::*

13 Feb 2024, 14:01

Type	Values Removed	Values Added
Summary		(es) SAP Bank Account Management (BAM) permite que un usuario autenticado con acceso restringido utilice funciones que pueden resultar en una escalada de privilegios con bajo impacto en la confidencialidad, integridad y disponibilidad de la aplicación.

13 Feb 2024, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-13 03:15

Updated : 2024-10-16 21:20

NVD link : CVE-2024-24739

Mitre link : CVE-2024-24739

CVE.ORG link : CVE-2024-24739

JSON object : View

Products Affected

sap

bank_account_management

CWE

CWE-862

Missing Authorization

{"id": "CVE-2024-24739", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}]}, "published": "2024-02-13T03:15:08.780", "references": [{"url": "https://me.sap.com/notes/2637727", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "SAP Bank Account Management (BAM) allows an authenticated user with restricted access to use functions which can result in escalation of privileges with low impact on confidentiality, integrity and availability of the application.\n\n"}, {"lang": "es", "value": "SAP Bank Account Management (BAM) permite que un usuario autenticado con acceso restringido utilice funciones que pueden resultar en una escalada de privilegios con bajo impacto en la confidencialidad, integridad y disponibilidad de la aplicaci\u00f3n."}], "lastModified": "2024-10-16T21:20:37.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:bank_account_management:s4core_100:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA1ACAD6-9068-4468-83B2-8CB61F325BEA"}, {"criteria": "cpe:2.3:a:sap:bank_account_management:s4core_101:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76352086-0768-4A0F-91AB-BEE3CDA58AF9"}, {"criteria": "cpe:2.3:a:sap:bank_account_management:sap_fin_618:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5842D64D-C725-439A-82EA-A10FB0718DB5"}, {"criteria": "cpe:2.3:a:sap:bank_account_management:sap_fin_730:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D69CC7F0-A2F5-4C3F-80F6-F2397859A6C0"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}