Overview
SAP has released an update to address a vulnerability in their products. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-39592
- SAP PDCE S4CORE 102, 103 versions
- SAP PDCE S4COREOP 104, 105, 106, 107, 108 versions
Resolved Vulnerabilities
An element in PDCE does not perform the required privilege checks on authenticated users, which could result in privilege escalation and allow an attacker to read sensitive information (CVE-2024-39592)
Vulnerability Patches
Vulnerability patches were made available in the latest update. Please follow the instructions on the Referenced Sites[1] to update to the latest Vulnerability Patches version.
Referenced Sites
[1] SAP Security Patch Day – July 2024
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2024.html
[2] CVE-2024-39592 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-39592
Article Link: SAP Products July 2024 Routine Security Update Advisory – ASEC