CVE-2024-39592

Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information causing high impact on the confidentiality of the application.

CVSS v3 7.7 HIGH

7.7^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://me.sap.com/notes/3483344
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

No history.

Information

Published : 2024-07-09 04:15

Updated : 2024-07-09 18:19

NVD link : CVE-2024-39592

Mitre link : CVE-2024-39592

CVE.ORG link : CVE-2024-39592

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

Show plain JSON

{"id": "CVE-2024-39592", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 3.1}]}, "published": "2024-07-09T04:15:13.420", "references": [{"url": "https://me.sap.com/notes/3483344", "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com"}], "vulnStatus": "Undergoing Analysis", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Elements of PDCE does not perform necessary\nauthorization checks for an authenticated user, resulting in escalation of\nprivileges.\n\n\n\nThis\nallows an attacker to read sensitive information causing high impact on the\nconfidentiality of the application."}, {"lang": "es", "value": "Elements of PDCE no realiza las verificaciones de autorizaci\u00f3n necesarias para un usuario autenticado, lo que resulta en una escalada de privilegios. Esto permite a un atacante leer informaci\u00f3n confidencial causando un alto impacto en la confidencialidad de la aplicaci\u00f3n."}], "lastModified": "2024-07-09T18:19:14.047", "sourceIdentifier": "cna@sap.com"}

{

id : CVE-2024-39592 (string)

cveTags : [ *empty* ]

metrics : { »

cvssMetricV31 : [ »

0 : { »

type : Secondary (string)

source : cna@sap.com (string)

cvssData : { »

scope : CHANGED (string)

version : 3.1 (string)

baseScore : 7.7 (number)

attackVector : NETWORK (string)

baseSeverity : HIGH (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N (string)

integrityImpact : NONE (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : NONE (string)

privilegesRequired : LOW (string)

confidentialityImpact : HIGH (string)

}

impactScore : 4 (number)

exploitabilityScore : 3.1 (number)

}

]

}

published : 2024-07-09T04:15:13.420 (string)

references : [ »

0 : { »

url : https://me.sap.com/notes/3483344 (string)

source : cna@sap.com (string)

}

1 : { »

url : https://url.sap/sapsecuritypatchday (string)

source : cna@sap.com (string)

}

]

vulnStatus : Undergoing Analysis (string)

weaknesses : [ »

0 : { »

type : Primary (string)

source : cna@sap.com (string)

description : [ »

0 : { »

lang : en (string)

value : CWE-862 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information causing high impact on the confidentiality of the application. (string)

}

1 : { »

lang : es (string)

value : Elements of PDCE no realiza las verificaciones de autorización necesarias para un usuario autenticado, lo que resulta en una escalada de privilegios. Esto permite a un atacante leer información confidencial causando un alto impacto en la confidencialidad de la aplicación. (string)

}

]

lastModified : 2024-07-09T18:19:14.047 (string)

sourceIdentifier : cna@sap.com (string)

}

CVE-2024-39592

7.7 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

JSON object

Attach tags to CVE-2024-39592

7.7^/10

Attach tags to `CVE-2024-39592`