CVE-2024-24741: Missing Authorization check in SAP Master Data Governance Material
First published: Tue Feb 13 2024(Updated: )
SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact to integrity and availability.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Master Data Governance | =618 | |
| SAP Master Data Governance | =619 | |
| SAP Master Data Governance | =620 | |
| SAP Master Data Governance | =621 | |
| SAP Master Data Governance | =622 | |
| SAP Master Data Governance | =800 | |
| SAP Master Data Governance | =801 | |
| SAP Master Data Governance | =802 | |
| SAP Master Data Governance | =803 | |
| SAP Master Data Governance | =804 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-24741?
CVE-2024-24741 has been classified as a high severity vulnerability due to its potential for privilege escalation.
How do I fix CVE-2024-24741?
To fix CVE-2024-24741, it is recommended to apply the latest security patches provided by SAP for the affected versions of Master Data Governance for Material Data.
Which versions are affected by CVE-2024-24741?
CVE-2024-24741 affects SAP Master Data Governance for Material Data versions 618 through 804.
What impact does CVE-2024-24741 have on users?
CVE-2024-24741 allows an authenticated attacker to escalate privileges and access sensitive information they should not be able to view.
How can I determine if I am vulnerable to CVE-2024-24741?
You can determine your vulnerability to CVE-2024-24741 by checking if you are using any of the affected versions of SAP Master Data Governance for Material Data and if you have not applied the necessary patches.
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/title
- agent/type
- agent/first-publish-date
- agent/description
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap master data governance
- version/sap master data governance/618
- version/sap master data governance/619
- version/sap master data governance/620
- version/sap master data governance/621
- version/sap master data governance/622
- version/sap master data governance/800
- version/sap master data governance/801
- version/sap master data governance/802
- version/sap master data governance/803
- version/sap master data governance/804