CVE-2024-47581

Missing Authorization check in SAP HCM (Approve Timesheets version 4)

CVSS 4.3 MEDIUMEPSS 0.2%CWE-862

SAP HCM Approve Timesheets Version 4 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.There is low impact on integrity of the application. Confidentiality and availibility are not impacted.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected products

SAP_SE · SAP HCM

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://me.sap.com/notes/3522332 https://url.sap/sapsecuritypatchday