SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact to integrity and availability.
References
Link | Resource |
---|---|
https://me.sap.com/notes/2897391 | Permissions Required |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
16 Oct 2024, 21:16
Type | Values Removed | Values Added |
---|---|---|
First Time |
Sap master Data Governance For Material Data
Sap |
|
CPE | cpe:2.3:a:sap:master_data_governance_for_material_data:618:*:*:*:*:*:*:* cpe:2.3:a:sap:master_data_governance_for_material_data:622:*:*:*:*:*:*:* cpe:2.3:a:sap:master_data_governance_for_material_data:621:*:*:*:*:*:*:* cpe:2.3:a:sap:master_data_governance_for_material_data:801:*:*:*:*:*:*:* cpe:2.3:a:sap:master_data_governance_for_material_data:804:*:*:*:*:*:*:* cpe:2.3:a:sap:master_data_governance_for_material_data:800:*:*:*:*:*:*:* cpe:2.3:a:sap:master_data_governance_for_material_data:620:*:*:*:*:*:*:* cpe:2.3:a:sap:master_data_governance_for_material_data:802:*:*:*:*:*:*:* cpe:2.3:a:sap:master_data_governance_for_material_data:803:*:*:*:*:*:*:* cpe:2.3:a:sap:master_data_governance_for_material_data:619:*:*:*:*:*:*:* |
|
References | () https://me.sap.com/notes/2897391 - Permissions Required | |
References | () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory |
13 Feb 2024, 14:01
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
13 Feb 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-13 04:15
Updated : 2024-10-16 21:16
NVD link : CVE-2024-24741
Mitre link : CVE-2024-24741
CVE.ORG link : CVE-2024-24741
JSON object : View
Products Affected
sap
- master_data_governance_for_material_data
CWE
CWE-862
Missing Authorization