Description

SAP CRM WebClient does not perform the necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to access some sensitive information.

PUBLISHED Reserved 2024-06-04 | Published 2024-07-09 | Updated 2024-08-02 | Assigner sap




MEDIUM: 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-862: Missing Authorization

Product status

Default status
unaffected

S4FND 102
affected

S4FND 103
affected

S4FND 104
affected

S4FND 105
affected

S4FND 106
affected

S4FND 107
affected

S4FND 108
affected

WEBCUIF 701
affected

WEBCUIF 731
affected

WEBCUIF 746
affected

WEBCUIF 747
affected

WEBCUIF 748
affected

WEBCUIF 800
affected

WEBCUIF 801
affected

References

url.sap/sapsecuritypatchday

me.sap.com/notes/3467377

cve.org (CVE-2024-37175)

nvd.nist.gov (CVE-2024-37175)