What is the severity of CVE-2024-34691?

CVE-2024-34691 has a high severity due to its potential for privilege escalation.

How do I fix CVE-2024-34691?

Fixing CVE-2024-34691 requires applying the appropriate patches provided by SAP for the affected versions.

Which versions of SAP S/4HANA are affected by CVE-2024-34691?

CVE-2024-34691 affects SAP S/4HANA versions 103, 104, 105, 106, 107, 108, and s4core_102.

What type of impact does CVE-2024-34691 have on the system?

CVE-2024-34691 impacts the integrity of the system by allowing privilege escalation without necessary authorization checks.

Can CVE-2024-34691 affect system confidentiality or availability?

CVE-2024-34691 has no impact on the confidentiality or availability of the system.

Vulnerability/
CVE-2024-34691

medium

6.5

CWE

862

11/6/2024

16/8/2024

CVE-2024-34691: Missing Authorization check in SAP S/4HANA (Manage Incoming Payment Files)

First published: Tue Jun 11 2024(Updated: )

Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the system.

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
SAP S/4HANA	=103
SAP S/4HANA	=104
SAP S/4HANA	=105
SAP S/4HANA	=106
SAP S/4HANA	=107
SAP S/4HANA	=108
SAP S/4HANA	=s4core_102

Remedy

https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-34691?
CVE-2024-34691 has a high severity due to its potential for privilege escalation.
How do I fix CVE-2024-34691?
Fixing CVE-2024-34691 requires applying the appropriate patches provided by SAP for the affected versions.
Which versions of SAP S/4HANA are affected by CVE-2024-34691?
CVE-2024-34691 affects SAP S/4HANA versions 103, 104, 105, 106, 107, 108, and s4core_102.
What type of impact does CVE-2024-34691 have on the system?
CVE-2024-34691 impacts the integrity of the system by allowing privilege escalation without necessary authorization checks.
Can CVE-2024-34691 affect system confidentiality or availability?
CVE-2024-34691 has no impact on the confidentiality or availability of the system.

agent/weakness
agent/title
agent/references
agent/type
agent/description
agent/first-publish-date
agent/author
agent/severity
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/remedy
agent/softwarecombine
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/sap
canonical/sap s/4hana
version/sap s/4hana/103
version/sap s/4hana/104
version/sap s/4hana/105
version/sap s/4hana/106
version/sap s/4hana/107
version/sap s/4hana/108
version/sap s/4hana/s4core_102

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.