CVE-2024-39591

SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application.
References
Link Resource
https://me.sap.com/notes/3477423 Permissions Required
https://url.sap/sapsecuritypatchday Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:document_builder:s4fnd_102:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:s4fnd_103:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:s4fnd_104:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:s4fnd_105:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:s4fnd_106:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:s4fnd_107:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:s4fnd_108:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:sap_bs_fnd_702:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:sap_bs_fnd_731:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:sap_bs_fnd_746:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:sap_bs_fnd_747:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:sap_bs_fnd_748:*:*:*:*:*:*:*

History

12 Sep 2024, 13:29

Type Values Removed Values Added
References () https://me.sap.com/notes/3477423 - () https://me.sap.com/notes/3477423 - Permissions Required
References () https://url.sap/sapsecuritypatchday - () https://url.sap/sapsecuritypatchday - Vendor Advisory
CVSS v2 : unknown
v3 : 4.3
v2 : unknown
v3 : 5.3
First Time Sap document Builder
Sap
Summary
  • (es) SAP Document Builder no realiza las comprobaciones de autorización necesarias para uno de los módulos de funciones, lo que da como resultado una escalada de privilegios que tiene un bajo impacto en la confidencialidad de la aplicación.
CPE cpe:2.3:a:sap:document_builder:sap_bs_fnd_748:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:s4fnd_102:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:sap_bs_fnd_747:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:s4fnd_103:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:sap_bs_fnd_702:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:sap_bs_fnd_731:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:s4fnd_104:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:s4fnd_106:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:s4fnd_108:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:sap_bs_fnd_746:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:s4fnd_105:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_builder:s4fnd_107:*:*:*:*:*:*:*

13 Aug 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-13 05:15

Updated : 2024-09-12 13:29


NVD link : CVE-2024-39591

Mitre link : CVE-2024-39591

CVE.ORG link : CVE-2024-39591


JSON object : View

Products Affected

sap

  • document_builder
CWE
CWE-862

Missing Authorization