PT-2023-19676 · Sap · Sap Erp+1

Published: 2023-02-14 · Updated: 2023-04-12 · CVE-2023-24528

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) version 600

Description

The issue allows an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data. This endpoint is normally exposed over the network and successful exploitation can lead to exposure of data like travel documents.

Recommendations

For version 600, consider restricting access to the misconfigured application endpoint to minimize the risk of exploitation. As a temporary workaround, review and correct the configuration of the exposed endpoint to prevent unauthorized access. Ensure that only necessary personnel have access to sensitive data and implement additional security measures to protect against potential attacks.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2023-24528

Affected Products

Sap Erp
Sap Fiori Apps For Travel Management