{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-39596","assignerOrgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","state":"PUBLISHED","assignerShortName":"sap","dateReserved":"2024-06-26T09:58:24.095Z","datePublished":"2024-07-09T04:25:57.251Z","dateUpdated":"2024-08-02T04:26:16.017Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"SAP Enable Now","vendor":"SAP_SE","versions":[{"status":"affected","version":"WPB_MANAGER_CE 10"},{"status":"affected","version":"WPB_MANAGER_HANA 10"},{"status":"affected","version":"ENABLE_NOW_CONSUMP_DEL 1704"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Due to missing authorization checks, SAP Enable\nNow allows an author to escalate privileges to access information which should\notherwise be restricted. On successful exploitation, the attacker can cause\nlimited impact on confidentiality of the application.\n\n\n\n"}],"value":"Due to missing authorization checks, SAP Enable\nNow allows an author to escalate privileges to access information which should\notherwise be restricted. On successful exploitation, the attacker can cause\nlimited impact on confidentiality of the application."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-862","description":"CWE-862: Missing Authorization","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","shortName":"sap","dateUpdated":"2024-07-09T04:25:57.251Z"},"references":[{"url":"https://url.sap/sapsecuritypatchday"},{"url":"https://me.sap.com/notes/3476348"}],"source":{"discovery":"UNKNOWN"},"title":"[CVE-2024-39596] Missing Authorization check vulnerability in SAP Enable Now","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-09T13:59:07.965334Z","id":"CVE-2024-39596","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-09T13:59:14.488Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T04:26:16.017Z"},"title":"CVE Program Container","references":[{"url":"https://url.sap/sapsecuritypatchday","tags":["x_transferred"]},{"url":"https://me.sap.com/notes/3476348","tags":["x_transferred"]}]}]}}