CVE-2023-24524 MEDIUM

CVE-2023-24524

Vendor Sap
Product S/4 HANA (Map Treasury Correspondence Format Data)
Weakness CWE-862 · Missing authorization
Published February 14, 2023
Last update March 20, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to delete the data with a high impact to availability.

Key dates

02Disclosure timeline

February 14, 2023 CVE published
March 20, 2025 Record updated