← volver
CVE-2024-32731

Missing Authorization check in SAP My Travel Requests

CVSS 5.5 MEDIUMEPSS 0.4%CWE-862
SAP My Travel Requests does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker can upload a malicious attachment to a business trip request which will lead to a low impact on the confidentiality, integrity and availability of the application. 
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Productos afectados
SAP_SE · SAP My Travel Requests

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://me.sap.com/notes/3447467https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364