CVE-2023-24524
First published: Tue Feb 14 2023(Updated: )
SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to delete the data with a high impact to availability.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP S/4HANA | =104 | |
| SAP S/4HANA | =105 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-24524?
CVE-2023-24524 is classified as a high severity vulnerability due to its potential for privilege escalation.
How do I fix CVE-2023-24524?
To address CVE-2023-24524, ensure that proper authorization checks are implemented for the affected SAP S/4 HANA versions.
Which software versions are affected by CVE-2023-24524?
CVE-2023-24524 affects SAP S/4 HANA versions 104 and 105.
What impact does CVE-2023-24524 have?
CVE-2023-24524 can result in a high impact to data availability as it may allow unauthorized deletion of data.
Can CVE-2023-24524 be exploited by authenticated users?
Yes, CVE-2023-24524 can be exploited by an authenticated user due to the lack of necessary authorization checks.
- agent/references
- agent/tags
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/author
- agent/description
- agent/severity
- agent/weakness
- agent/event
- vendor/sap
- canonical/sap s/4hana
- version/sap s/4hana/104
- version/sap s/4hana/105