CVE-2024-27901

HIGH

SAP Asset Accounting - Path Traversal

Title source: llm

Description

SAP Asset Accounting could allow a high-privileged attacker to exploit insufficient validation of path information provided by users and pass it through to the file APIs, causing a considerable impact on the confidentiality, integrity and availability of the application.

Scores

CVSS v3 7.2
EPSS 0.0022
EPSS Percentile 44.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-35
Status published
Products (9)
SAP_SE/SAP Asset Accounting SAP_APPL 600
SAP_SE/SAP Asset Accounting SAP_APPL 602
SAP_SE/SAP Asset Accounting SAP_APPL 603
SAP_SE/SAP Asset Accounting SAP_APPL 604
SAP_SE/SAP Asset Accounting SAP_APPL 605
SAP_SE/SAP Asset Accounting SAP_APPL 606
SAP_SE/SAP Asset Accounting SAP_FIN 618
SAP_SE/SAP Asset Accounting SAP_FIN617
SAP_SE/SAP Asset Accounting SAP_FIN700
Published Apr 09, 2024
Tracked Since Feb 18, 2026