CVE-2024-45282— HTTP Verb Tampering in SAP S/4 HANA(Manage Bank Statements)
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-45282
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HTTP Verb Tampering in SAP S/4 HANA(Manage Bank Statements)
Source: NVD (National Vulnerability Database)
Vulnerability Description
Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在服务器端信任HTTP权限模型
Source: NVD (National Vulnerability Database)
Vulnerability Title
SAP S/4 HANA 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SAP S/4 HANA是德国思爱普(SAP)公司的一款适用于大型企业的智能化集成式ERP软件。 SAP S/4 HANA存在安全漏洞,该漏洞源于“read only”状态的字段可以通过MERGE方法进行修改。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SAP_SE | SAP S/4 HANA (Manage Bank Statements) | S4CORE | - |
II. Public POCs for CVE-2024-45282
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-45282
请登录查看更多情报信息。
Same Patch Batch · SAP_SE · 2024-10-08 · 5 CVEs total
| CVE-2024-37179 | 7.7 HIGH | Insecure File Operations vulnerability in SAP BusinessObjects Business Intelligence Platfo |
| CVE-2024-47594 | 5.4 MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal (KMC) |
| CVE-2024-45278 | 5.4 MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP Commerce Backoffice |
| CVE-2024-45277 | 4.3 MEDIUM | Prototype Pollution vulnerability in SAP HANA Client |
IV. Related Vulnerabilities
Same vendor: SAP_SE
- CVE-2026-34264
Information Disclosure vulnerability in SAP Human Capital Ma - CVE-2026-34262
Information Disclosure Vulnerability in SAP HANA Cockpit and - CVE-2026-34261
Missing Authorization check in SAP Business Analytics and SA - CVE-2026-34257
Open Redirect vulnerability in SAP NetWeaver Application Ser - CVE-2026-34256
Missing Authorization check in SAP ERP and SAP S/4 HANA (Pri
V. Comments for CVE-2024-45282
No comments yet