CVE-2024-37176
MEDIUMSAP BW/4HANA - Authenticated Privilege Escalation via Improper Authorization Checks in DTP
Title source: llmDescription
SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low impacts on the integrity and availability of the application.
References (2)
Core 2
Core References
Permissions Required
https://me.sap.com/notes/3465455
Patch, Vendor Advisory
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html
Scores
CVSS v3
5.5
EPSS
0.0010
EPSS Percentile
26.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (14)
sap/bw\/4hana
300
sap/bw\/4hana
400
sap/bw\/4hana
750
sap/bw\/4hana
751
sap/bw\/4hana
752
sap/bw\/4hana
753
sap/bw\/4hana
754
sap/bw\/4hana
755
sap/bw\/4hana
756
sap/bw\/4hana
757
... and 4 more
Published
Jun 11, 2024
Tracked Since
Feb 18, 2026