What is CVE-2024-45282?

CVE-2024-45282 is a medium-severity vulnerability in Sap_se Sap S/4 Hana (Manage Bank Statements), classified under Trusting HTTP Permission Methods on the Server Side. CVSS score: 4.3/10. Published 2024-10-08.

How severe is CVE-2024-45282?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Is CVE-2024-45282 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Sap_se Sap S/4 Hana (Manage Bank Statements)

CVE-2024-45282

Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against extern…

EPSS: 0.003 (50.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N.

Affected products

Sap_se Sap S/4 Hana (Manage Bank Statements) — versions S4CORE, 102, 103

Weakness classification (CWE)

CWE-650 — Trusting HTTP Permission Methods on the Server Side

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

Frequently asked questions

What is CVE-2024-45282?: CVE-2024-45282 is a medium-severity vulnerability in Sap_se Sap S/4 Hana (Manage Bank Statements), classified under Trusting HTTP Permission Methods on the Server Side. CVSS score: 4.3/10. Published 2024-10-08.
How severe is CVE-2024-45282?: Medium severity. CVSS v3 base score is 4.3 out of 10.
Is CVE-2024-45282 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.