CVE-2024-22133

MEDIUM

SAP Fiori Front End Server - version 605 - Info Disclosure

Title source: llm

Description

SAP Fiori Front End Server - version 605, allows altering of approver details on the read-only field when sending leave request information. This could lead to creation of request with incorrect approver causing low impact on Confidentiality and Integrity with no impact on Availability of the application.

References (2)

Core 2

Core References

Permissions Required

https://me.sap.com/notes/3417399

Vendor Advisory

https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364

Scores

CVSS v3 4.6

EPSS 0.0036

EPSS Percentile 58.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-863

Status published

Products (1)

sap/fiori_front_end_server 605

Published Mar 12, 2024

Tracked Since Feb 18, 2026