CVE-2024-47581

Name of the Vulnerable Software and Affected Versions: SAP HCM Approve Timesheets Version 4 application

Description: The issue is related to the absence of a necessary authorization procedure in the SAP Human Capital Management (HCM) software, specifically in the Approve Timesheets Version 4 application. This allows a remote attacker to escalate their privileges. The impact on the application's integrity is low, and there is no impact on confidentiality and availability.

Recommendations: For SAP HCM Approve Timesheets Version 4 application, consider implementing necessary authorization checks for authenticated users to prevent privilege escalation until a patch is available. As a temporary workaround, restrict access to sensitive features that could be exploited for privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.