First published: Tue Jul 09 2024(Updated: )
SAP S/4HANA Finance (Advanced Payment Management) does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. As a result, it has a low impact to confidentiality and availability but there is no impact on the integrity.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
Any of | ||
SAP S/4HANA (SAP S4fnd, SAP S4core) | =107 | |
SAP S/4HANA (SAP S4fnd, SAP S4core) | =108 | |
SAP S/4HANA |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-37172 has a low severity rating due to limited impact on confidentiality and availability.
To resolve CVE-2024-37172, apply the latest security updates and patches provided by SAP for the affected versions.
CVE-2024-37172 allows for privilege escalation without compromising integrity, affecting system confidentiality and availability.
CVE-2024-37172 affects SAP S/4HANA Finance versions 107 and 108, among others.
Currently, the best recommendation for CVE-2024-37172 is to apply the necessary security updates from SAP rather than relying on a workaround.