The SAP Fiori app My Overtime Request, version 605, does not perform the necessary authorization checks for an authenticated user, which may result in an escalation of privileges. By manipulating the URLs of data requests, a user can access information that they should not have access to. There is no impact on integrity and availability.
History
Wed, 16 Oct 2024 21:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Sap, Sap fiori | |
CPEs | cpe:2.3:a:sap:fiori:605:*:*:*:*:*:*:* | |
Vendors & Products | Sap, Sap fiori | |
MITRE
Status: PUBLISHED
Assigner: sap
Published: 2024-02-13T03:37:14.954Z
Updated: 2024-08-01T23:44:09.819Z
Reserved: 2024-02-09T04:10:20.036Z
Link: CVE-2024-25643
Vulnrichment
Updated: 2024-08-01T23:44:09.819Z
NVD
Status: Modified
Published: 2024-02-13T04:15:08.590
Modified: 2024-11-21T09:01:08.590
Link: CVE-2024-25643
Redhat
No data.