SAP BW/4HANA DTP Auth Escalation via Improper Auth Checks
CVE-2024-37176 Published on June 11, 2024

Missing Authorization check in SAP BW/4HANA Transformation and DTP
SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low impacts on the integrity and availability of the application.

NVD

Vulnerability Analysis

CVE-2024-37176 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
HIGH
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
NONE
Integrity Impact:
LOW
Availability Impact:
LOW

Weakness Type

What is an AuthZ Vulnerability?

The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

CVE-2024-37176 has been classified to as an AuthZ vulnerability or weakness.


Products Associated with CVE-2024-37176

Want to know whenever a new CVE is published for SAP Bw4hana? stack.watch will email you.

SAP Bw4hana
 

Affected Versions

SAP_SE SAP BW/4HANA Transformation and Data Transfer Process: sap_se sap_bw_4hana: sap_se sap_bw_4hana: sap_se sap_bw_4hana: sap_se sap_bw_4hana: sap_se sap_bw_4hana: sap_se sap_bw: sap_se sap_bw: sap_se sap_bw: sap_se sap_bw: sap_se sap_bw: sap_se sap_bw: sap_se sap_bw: sap_se sap_bw: sap_se sap_bw:

Exploit Probability

EPSS
0.10%
Percentile
27.11%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.