fkie_cve-2024-45282
Vulnerability from fkie_nvd
Published
2024-10-08 04:15
Modified
2024-11-14 17:56
Summary
Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted.
References
Impacted products
Vendor Product Version
sap s\/4_hana 102
sap s\/4_hana 103
sap s\/4_hana 104
sap s\/4_hana 105
sap s\/4_hana 106
sap s\/4_hana 107



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:s\\/4_hana:102:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EE80980-12A5-40D7-8992-5C81FC82935E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:s\\/4_hana:103:*:*:*:*:*:*:*",
              "matchCriteriaId": "82AAE66A-7112-4E83-9094-2AA571144F64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:s\\/4_hana:104:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFF0FD31-F4F3-470A-9CB5-DE339D7334FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:s\\/4_hana:105:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52E5AE7-D16E-4122-A39E-20A2CAB9A146",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:s\\/4_hana:106:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAEF60F9-E053-4D22-AA65-9C1CA5130374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:s\\/4_hana:107:*:*:*:*:*:*:*",
              "matchCriteriaId": "8606117E-F864-474F-8839-F6BAB51113E0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Fields which are in \u0027read only\u0027 state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted."
    },
    {
      "lang": "es",
      "value": "Los campos que est\u00e1n en estado de \"solo lectura\" en Bank Statement Draft in Manage Bank Statements application. La propiedad de una entidad OData que representa un m\u00e9todo supuestamente inmutable no est\u00e1 protegida contra modificaciones externas que provoquen violaciones de integridad. La confidencialidad y la disponibilidad no se ven afectadas."
    }
  ],
  "id": "CVE-2024-45282",
  "lastModified": "2024-11-14T17:56:17.007",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "cna@sap.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-08T04:15:08.633",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://me.sap.com/notes/3251893"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://url.sap/sapsecuritypatchday"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-650"
        }
      ],
      "source": "cna@sap.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…