CVE-2024-32730 MEDIUM

CVE-2024-32730: Missing authorization check in SAP Enable Now Manager

Vendor Sap_Se

Product SAP Enable Now

Weakness CWE-862 · Missing authorization

Published April 26, 2024

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

SAP Enable Now Manager does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker with the role 'Learner' could gain access to other user's data in manager which will lead to a high impact to the confidentiality of the application.

Key dates

02Disclosure timeline

April 26, 2024 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-32730 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2024-0907 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via restore_records() CVE-2024-9234 GutenKit <= 2.1.0 - Unauthenticated Arbitrary File Upload CVE-2025-27000 WordPress Simple Photo Feed Plugin <= 1.4.0 - Broken Access Control vulnerability CVE-2024-37443 WordPress WP Job Manager plugin <= 2.1.0 - Broken Access Control vulnerability CVE-2023-41651 WordPress Multi-column Tag Map plugin <= 17.0.26 - Broken Access Control vulnerability