CVE-2024-45282
moderate-risk
Published 2024-10-08
Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted.
Do I need to act?
-
0.27% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10
Medium
NETWORK
/ LOW complexity
Affected Products (6)
S\/4 Hana
S\/4 Hana
S\/4 Hana
S\/4 Hana
S\/4 Hana
S\/4 Hana
Affected Vendors
References (2)
Permissions Required
https://me.sap.com/notes/3251893
Vendor Advisory
https://url.sap/sapsecuritypatchday
32
/ 100
moderate-risk
Severity
18/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
13/34 · Low