PT-2024-2863 · Sap · Sap Group Reporting Data Collection

Published

2024-04-08

Updated

2024-04-09

CVE-2024-28167

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions SAP Group Reporting Data Collection (affected versions not specified)

Description The issue is related to insufficient authorization checks in the SAP Group Reporting Data Collection component, specifically affecting the Enter Package Data app. This allows an authenticated user to escalate privileges and modify specific data without having the necessary authorization, resulting in a high impact on the integrity of the application.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

BDU:2024-03017

CVE-2024-28167

Affected Products

Sap Group Reporting Data Collection

PT-2024-2863 · Sap · Sap Group Reporting Data Collection

CVE-2024-28167

Weakness Enumeration

Related Identifiers

Affected Products

References · 6