CVE-2024-45282

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-45282

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

F

ields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted.

References
Link Resource
https://me.sap.com/notes/3251893 Permissions Required
https://url.sap/sapsecuritypatchday Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:s\/4_hana:102:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:103:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:104:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:105:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:106:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:107:*:*:*:*:*:*:*
History

14 Nov 2024, 17:56

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 4.3 		v2 : unknown
v3 : 5.3
First Time Sap
Sap s\/4 Hana
CPE cpe:2.3:a:sap:s\/4_hana:103:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:104:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:106:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:102:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:105:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:107:*:*:*:*:*:*:*
References () https://me.sap.com/notes/3251893 - () https://me.sap.com/notes/3251893 - Permissions Required
References () https://url.sap/sapsecuritypatchday - () https://url.sap/sapsecuritypatchday - Vendor Advisory

10 Oct 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Los campos que están en estado de "solo lectura" en Bank Statement Draft in Manage Bank Statements application. La propiedad de una entidad OData que representa un método supuestamente inmutable no está protegida contra modificaciones externas que provoquen violaciones de integridad. La confidencialidad y la disponibilidad no se ven afectadas.

08 Oct 2024, 04:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-08 04:15

Updated : 2024-11-14 17:56

NVD link : CVE-2024-45282

Mitre link : CVE-2024-45282

CVE.ORG link : CVE-2024-45282

JSON object : View

Products Affected

sap

CWE
CWE-650

Trusting HTTP Permission Methods on the Server Side