CVE-2024-39596

{"id": "CVE-2024-39596", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-07-09T05:15:12.710", "references": [{"url": "https://me.sap.com/notes/3476348", "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com"}, {"url": "https://me.sap.com/notes/3476348", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Due to missing authorization checks, SAP Enable\nNow allows an author to escalate privileges to access information which should\notherwise be restricted. On successful exploitation, the attacker can cause\nlimited impact on confidentiality of the application."}, {"lang": "es", "value": "Debido a la falta de comprobaciones de autorizaci\u00f3n, SAP Enable Now permite a un autor escalar privilegios para acceder a informaci\u00f3n que de otro modo deber\u00eda estar restringida. Si la explotaci\u00f3n tiene \u00e9xito, el atacante puede causar un impacto limitado en la confidencialidad de la aplicaci\u00f3n."}], "lastModified": "2024-11-21T09:28:05.147", "sourceIdentifier": "cna@sap.com"}