Vulnerabilites related to SAP_SE - SAP PDCE
CVE-2024-39592 (GCVE-0-2024-39592)
Vulnerability from cvelistv5
Published
2024-07-09 03:45
Modified
2024-08-02 04:26
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE
Summary
Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information causing high impact on the confidentiality of the application.
References
Impacted products
Vendor Product Version
SAP_SE SAP PDCE Version: S4CORE 102
Version: S4CORE 103
Version: S4COREOP 104
Version: S4COREOP 105
Version: S4COREOP 106
Version: S4COREOP 107
Version: S4COREOP 108
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:sap_se:sap_pdce:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "sap_pdce",
            "vendor": "sap_se",
            "versions": [
              {
                "status": "affected",
                "version": "S4CORE 102"
              },
              {
                "status": "affected",
                "version": "S4CORE 103"
              },
              {
                "status": "affected",
                "version": "S4COREOP 104"
              },
              {
                "status": "affected",
                "version": "S4COREOP 105"
              },
              {
                "status": "affected",
                "version": "S4COREOP 106"
              },
              {
                "status": "affected",
                "version": "S4COREOP 107"
              },
              {
                "status": "affected",
                "version": "S4COREOP 108"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39592",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-24T18:22:20.617499Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-24T18:33:09.047Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.969Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://url.sap/sapsecuritypatchday"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://me.sap.com/notes/3483344"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SAP PDCE",
          "vendor": "SAP_SE",
          "versions": [
            {
              "status": "affected",
              "version": "S4CORE 102"
            },
            {
              "status": "affected",
              "version": "S4CORE 103"
            },
            {
              "status": "affected",
              "version": "S4COREOP 104"
            },
            {
              "status": "affected",
              "version": "S4COREOP 105"
            },
            {
              "status": "affected",
              "version": "S4COREOP 106"
            },
            {
              "status": "affected",
              "version": "S4COREOP 107"
            },
            {
              "status": "affected",
              "version": "S4COREOP 108"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eElements of PDCE does not perform necessary\nauthorization checks for an authenticated user, resulting in escalation of\nprivileges.\u003c/p\u003e\n\nThis\nallows an attacker to read sensitive information causing high impact on the\nconfidentiality of the application.\n\n\n\n"
            }
          ],
          "value": "Elements of PDCE does not perform necessary\nauthorization checks for an authenticated user, resulting in escalation of\nprivileges.\n\n\n\nThis\nallows an attacker to read sensitive information causing high impact on the\nconfidentiality of the application."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-09T03:45:56.018Z",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "url": "https://url.sap/sapsecuritypatchday"
        },
        {
          "url": "https://me.sap.com/notes/3483344"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "[CVE-2024-39592] Missing Authorization check in SAP PDCE",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2024-39592",
    "datePublished": "2024-07-09T03:45:56.018Z",
    "dateReserved": "2024-06-26T09:58:24.095Z",
    "dateUpdated": "2024-08-02T04:26:15.969Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}