PDCE Elements Priv Escalation: Missing Auth Checks
CVE-2024-39592 Published on July 9, 2024
[CVE-2024-39592] Missing Authorization check in SAP PDCE
Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information causing high impact on the confidentiality of the application.
Vulnerability Analysis
CVE-2024-39592 is exploitable with network access and requires a small amount of user privileges. The vulnerability is considered to have a low attack complexity. A successful exploit is considered to have a high impact on confidentiality, with no impact on integrity or availability.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2024-39592 has been classified as an AuthZ vulnerability or weakness.
Products Associated with CVE-2024-39592
SAP S4core, SAP S4coreop
Affected Versions
SAP_SE SAP PDCE:
- Version S4CORE 102 is affected.
- Version S4CORE 103 is affected.
- Version S4COREOP 104 is affected.
- Version S4COREOP 105 is affected.
- Version S4COREOP 106 is affected.
- Version S4COREOP 107 is affected.
- Version S4COREOP 108 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.