MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2024-45282

CVSS 4.3v3.1pub. 2024-10-08upd. 2024-11-14

Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
  • Sap S\/4 Hana

    APP
    Sap
    102103104105106107
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2026-0498CRITICAL9.1PL ✓ten sam produkt

SAP S/4HANA: injection kodu ABAP/poleceń OS przez RFC z uprawnieniami admina

CVE-2020-26832HIGH7.6ten sam produkt

SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_...

CVE-2020-6188HIGH8.8ten sam produkt

VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617,...

CVE-2024-34691MEDIUM6.5ten sam produkt

Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an au...

CVE-2023-41368LOW2.7ten sam produkt

The OData service of the S4 HANA (Manage checkbook apps) - versions 102, 103, 104, 105, 106, 107, allows an at...