CVE-2024-22133 Vulnerability Details

  /     /     /  

CVE-2024-22133 Metadata Quick Info

CVE Published: 12/03/2024 | CVE Updated: 01/08/2024 | CVE Year: 2024
Source: sap | Vendor: SAP_SE | Product: SAP Fiori Front End Server
Status : PUBLISHED

---

CVE-2024-22133 Description

SAP Fiori Front End Server - version 605, allows altering of approver details on the read-only field when sending leave request information. This could lead to creation of request with incorrect approver causing low impact on Confidentiality and Integrity with no impact on Availability of the application.

Metrics

CVSS Version: 3.1 | Base Score: 4.6 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* LOW
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-863
CWE Name: CWE-863: Incorrect Authorization
Source: SAP_SE

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).