SAP BAM Privilege Escalation via Restricted User Functions
CVE-2024-24739 Published on February 13, 2024
Missing authorization check in SAP BAM (Bank Account Management)
SAP Bank Account Management (BAM) allows an authenticated user with restricted access to use functions which can result in escalation of privileges with low impact on confidentiality, integrity and availability of the application.
Vulnerability Analysis
CVE-2024-24739 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2024-24739 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2024-24739
Want to know whenever a new CVE is published for SAP Bank Account Management? stack.watch will email you.
Affected Versions
SAP_SE SAP BAM (Bank Account Management):- Version SAP_FIN 618 is affected.
- Version SAP_FIN 730 is affected.
- Version S4CORE 100 is affected.
- Version 101 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.