CVE-2024-25643

Name of the Vulnerable Software and Affected Versions SAP Fiori app (My Overtime Request) version 605

Description The issue is related to the absence of necessary authorization checks for authenticated users, which may lead to an escalation of privileges. It is possible to manipulate the URLs of data requests to access information that the user should not have access to. There is no impact on integrity and availability. An attacker can exploit this issue by sending specially crafted requests to gain unauthorized access to protected information.

Recommendations For SAP Fiori app (My Overtime Request) version 605, consider implementing proper authorization checks for authenticated users to prevent privilege escalation. As a temporary workaround, restrict access to sensitive information and consider disabling the manipulation of URLs for data requests until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.