Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) by SAP_SE

    CVE-2024-4139 (GCVE-0-2024-4139)

    Vulnerability from nvd – Published: 2024-05-14 03:51 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)
    Summary
    Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and Availability are not affected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) Affected: SAPSCORE 131
    Affected: S4CORE 105
    Affected: S4CORE 106
    Affected: S4CORE 107
    Affected: S4CORE 108
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4139",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-16T18:38:26.004595Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:55:21.514Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.507Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3434666"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAPSCORE 131"
                },
                {
                  "status": "affected",
                  "version": "S4CORE 105"
                },
                {
                  "status": "affected",
                  "version": "S4CORE 106"
                },
                {
                  "status": "affected",
                  "version": "S4CORE 107"
                },
                {
                  "status": "affected",
                  "version": "S4CORE 108"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and Availability are not affected."
                }
              ],
              "value": "Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and Availability are not affected."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-14T04:01:51.145Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3434666"
            },
            {
              "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-4139",
        "datePublished": "2024-05-14T03:51:31.364Z",
        "dateReserved": "2024-04-24T16:59:14.740Z",
        "dateUpdated": "2024-08-01T20:33:52.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4138 (GCVE-0-2024-4138)

    Vulnerability from nvd – Published: 2024-05-14 03:53 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)
    Summary
    Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application. Confidentiality and Availability are not affected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) Affected: SAPSCORE 131
    Affected: S4CORE 105
    Affected: S4CORE 106
    Affected: S4CORE107
    Affected: S4CORE 108
    Create a notification for this product.
    sap s\/4hana Affected: 105
        cpe:2.3:a:sap:s\/4hana:105:*:*:*:*:*:*:*
    Create a notification for this product.
    sap s\/4hana Affected: 106
        cpe:2.3:a:sap:s\/4hana:106:*:*:*:*:*:*:*
    Create a notification for this product.
    sap s\/4hana Affected: 107
        cpe:2.3:a:sap:s\/4hana:107:*:*:*:*:*:*:*
    Create a notification for this product.
    sap s\/4hana Affected: 108
        cpe:2.3:a:sap:s\/4hana:108:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sap:s\\/4hana:105:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "s\\/4hana",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "105"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap:s\\/4hana:106:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "s\\/4hana",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "106"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap:s\\/4hana:107:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "s\\/4hana",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "107"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap:s\\/4hana:108:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "s\\/4hana",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "108"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4138",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-14T19:40:07.920544Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:55:13.334Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.538Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3434666"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAPSCORE 131"
                },
                {
                  "status": "affected",
                  "version": "S4CORE 105"
                },
                {
                  "status": "affected",
                  "version": "S4CORE 106"
                },
                {
                  "status": "affected",
                  "version": "S4CORE107"
                },
                {
                  "status": "affected",
                  "version": "S4CORE 108"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application. Confidentiality and Availability are not affected."
                }
              ],
              "value": "Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application. Confidentiality and Availability are not affected."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-14T04:01:25.521Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3434666"
            },
            {
              "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-4138",
        "datePublished": "2024-05-14T03:53:10.737Z",
        "dateReserved": "2024-04-24T16:59:01.812Z",
        "dateUpdated": "2024-08-01T20:33:52.538Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4138 (GCVE-0-2024-4138)

    Vulnerability from cvelistv5 – Published: 2024-05-14 03:53 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)
    Summary
    Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application. Confidentiality and Availability are not affected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) Affected: SAPSCORE 131
    Affected: S4CORE 105
    Affected: S4CORE 106
    Affected: S4CORE107
    Affected: S4CORE 108
    Create a notification for this product.
    sap s\/4hana Affected: 105
        cpe:2.3:a:sap:s\/4hana:105:*:*:*:*:*:*:*
    Create a notification for this product.
    sap s\/4hana Affected: 106
        cpe:2.3:a:sap:s\/4hana:106:*:*:*:*:*:*:*
    Create a notification for this product.
    sap s\/4hana Affected: 107
        cpe:2.3:a:sap:s\/4hana:107:*:*:*:*:*:*:*
    Create a notification for this product.
    sap s\/4hana Affected: 108
        cpe:2.3:a:sap:s\/4hana:108:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sap:s\\/4hana:105:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "s\\/4hana",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "105"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap:s\\/4hana:106:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "s\\/4hana",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "106"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap:s\\/4hana:107:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "s\\/4hana",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "107"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap:s\\/4hana:108:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "s\\/4hana",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "108"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4138",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-14T19:40:07.920544Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:55:13.334Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.538Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3434666"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAPSCORE 131"
                },
                {
                  "status": "affected",
                  "version": "S4CORE 105"
                },
                {
                  "status": "affected",
                  "version": "S4CORE 106"
                },
                {
                  "status": "affected",
                  "version": "S4CORE107"
                },
                {
                  "status": "affected",
                  "version": "S4CORE 108"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application. Confidentiality and Availability are not affected."
                }
              ],
              "value": "Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application. Confidentiality and Availability are not affected."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-14T04:01:25.521Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3434666"
            },
            {
              "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-4138",
        "datePublished": "2024-05-14T03:53:10.737Z",
        "dateReserved": "2024-04-24T16:59:01.812Z",
        "dateUpdated": "2024-08-01T20:33:52.538Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4139 (GCVE-0-2024-4139)

    Vulnerability from cvelistv5 – Published: 2024-05-14 03:51 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)
    Summary
    Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and Availability are not affected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) Affected: SAPSCORE 131
    Affected: S4CORE 105
    Affected: S4CORE 106
    Affected: S4CORE 107
    Affected: S4CORE 108
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4139",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-16T18:38:26.004595Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:55:21.514Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.507Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3434666"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAPSCORE 131"
                },
                {
                  "status": "affected",
                  "version": "S4CORE 105"
                },
                {
                  "status": "affected",
                  "version": "S4CORE 106"
                },
                {
                  "status": "affected",
                  "version": "S4CORE 107"
                },
                {
                  "status": "affected",
                  "version": "S4CORE 108"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and Availability are not affected."
                }
              ],
              "value": "Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and Availability are not affected."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-14T04:01:51.145Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3434666"
            },
            {
              "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-4139",
        "datePublished": "2024-05-14T03:51:31.364Z",
        "dateReserved": "2024-04-24T16:59:14.740Z",
        "dateUpdated": "2024-08-01T20:33:52.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }