CVE-2024-24741

MEDIUM

SAP Master Data Governance - Privilege Escalation

Title source: llm

Description

SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact to integrity and availability.

References (2)

Core 2

Core References

Permissions Required

https://me.sap.com/notes/2897391

Vendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Scores

CVSS v3 4.3

EPSS 0.0015

EPSS Percentile 35.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-862

Status published

Products (10)

sap/master_data_governance_for_material_data 618

sap/master_data_governance_for_material_data 619

sap/master_data_governance_for_material_data 620

sap/master_data_governance_for_material_data 621

sap/master_data_governance_for_material_data 622

sap/master_data_governance_for_material_data 800

sap/master_data_governance_for_material_data 801

sap/master_data_governance_for_material_data 802

sap/master_data_governance_for_material_data 803

sap/master_data_governance_for_material_data 804

Published Feb 13, 2024

Tracked Since Feb 18, 2026