FKIE_CVE-2024-39591

Vulnerability from fkie_nvd - Published: 2024-08-13 05:15 - Updated: 2024-09-12 13:29
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application.
References
cna@sap.comhttps://me.sap.com/notes/3477423Permissions Required
cna@sap.comhttps://url.sap/sapsecuritypatchdayVendor Advisory
Impacted products
Vendor Product Version
sap document_builder s4fnd_102
sap document_builder s4fnd_103
sap document_builder s4fnd_104
sap document_builder s4fnd_105
sap document_builder s4fnd_106
sap document_builder s4fnd_107
sap document_builder s4fnd_108
sap document_builder sap_bs_fnd_702
sap document_builder sap_bs_fnd_731
sap document_builder sap_bs_fnd_746
sap document_builder sap_bs_fnd_747
sap document_builder sap_bs_fnd_748
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:document_builder:s4fnd_102:*:*:*:*:*:*:*",
              "matchCriteriaId": "3273C74F-E5FE-47A2-B7F8-E76095A64359",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:document_builder:s4fnd_103:*:*:*:*:*:*:*",
              "matchCriteriaId": "65DD3306-BD29-4E59-A0BE-7BEFB80E83A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:document_builder:s4fnd_104:*:*:*:*:*:*:*",
              "matchCriteriaId": "49820851-29AD-4467-9CC9-6938197538A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:document_builder:s4fnd_105:*:*:*:*:*:*:*",
              "matchCriteriaId": "6012CA9C-F45A-44FD-84A2-960D41638458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:document_builder:s4fnd_106:*:*:*:*:*:*:*",
              "matchCriteriaId": "25337ED2-24AC-4329-89FE-2ACC8F806721",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:document_builder:s4fnd_107:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48BA465-1906-4E24-BCC4-43677988EE56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:document_builder:s4fnd_108:*:*:*:*:*:*:*",
              "matchCriteriaId": "7562A2A3-BBA4-4FE7-800C-1D0A9FD750D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_702:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A14342E-3477-457C-AF13-54AFFA9DE1C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_731:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1FA8D4E-C6EB-4DD9-9729-0CE94FC1023D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_746:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2ED89F2-6C57-4393-9D7C-EF02C399F514",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_747:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D738350-C117-4248-9334-2D1540986E34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_748:*:*:*:*:*:*:*",
              "matchCriteriaId": "9242A4C0-3C2B-4877-A3CA-F17C2A036162",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application."
    },
    {
      "lang": "es",
      "value": "SAP Document Builder no realiza las comprobaciones de autorizaci\u00f3n necesarias para uno de los m\u00f3dulos de funciones, lo que da como resultado una escalada de privilegios que tiene un bajo impacto en la confidencialidad de la aplicaci\u00f3n."
    }
  ],
  "id": "CVE-2024-39591",
  "lastModified": "2024-09-12T13:29:47.207",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "cna@sap.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-13T05:15:13.347",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://me.sap.com/notes/3477423"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://url.sap/sapsecuritypatchday"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "cna@sap.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.