CVE-2024-45282

Name of the Vulnerable Software and Affected Versions SAP S/4HANA (affected versions not specified)

Description The issue is related to the Manage Bank Statement Handler component of the SAP S/4HANA platform. It is caused by the lack of a mechanism to prevent unintended changes to resources when processing requests. This could allow an attacker to modify or delete files. Specifically, fields in the 'read only' state in the Bank Statement Draft of the Manage Bank Statements application can be modified using the MERGE method. This leads to integrity violations, although confidentiality and availability are not impacted.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.