CVE-2024-22133: Improper Access Control in SAP Fiori Front End Server
First published: Tue Mar 12 2024(Updated: )
SAP Fiori Front End Server - version 605, allows altering of approver details on the read-only field when sending leave request information. This could lead to creation of request with incorrect approver causing low impact on Confidentiality and Integrity with no impact on Availability of the application.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Fiori Front End Server | ||
| SAP Fiori Front End Server | =605 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-22133?
CVE-2024-22133 has a low impact on Confidentiality and Integrity.
How do I fix CVE-2024-22133?
To resolve CVE-2024-22133, update your SAP Fiori Front End Server to the latest version as recommended in SAP's security notes.
What is the risk of not addressing CVE-2024-22133?
Failing to address CVE-2024-22133 may lead to incorrect approver details being submitted in leave requests, potentially causing process inefficiencies.
Which versions of SAP Fiori Front End Server are affected by CVE-2024-22133?
CVE-2024-22133 affects SAP Fiori Front End Server version 605.
Can CVE-2024-22133 affect data integrity in my organization?
Yes, CVE-2024-22133 can compromise data integrity by allowing the alteration of approver details.
- agent/title
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/weakness
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-api
- source/NVD
- vendor/sap
- canonical/sap fiori front end server
- version/sap fiori front end server/605