CVE-2024-39596

Due to missing authorization checks, SAP Enable
Now allows an author to escalate privileges to access information which should
otherwise be restricted. On successful exploitation, the attacker can cause
limited impact on confidentiality of the application.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
sapCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Common Weakness Enumeration
References
https://me.sap.com/notes/3476348
https://url.sap/sapsecuritypatchday
https://me.sap.com/notes/3476348
https://url.sap/sapsecuritypatchday