{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T10:42:52.501","vulnerabilities":[{"cve":{"id":"CVE-2024-37172","sourceIdentifier":"cna@sap.com","published":"2024-07-09T05:15:11.607","lastModified":"2024-11-21T09:23:21.367","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SAP S/4HANA Finance (Advanced Payment\nManagement) does not perform necessary authorization check for an authenticated\nuser, resulting in escalation of privileges. As a result, it has a low impact\nto confidentiality and availability but there is no impact on the integrity."},{"lang":"es","value":"SAP S/4HANA Finance (Advanced Payment Management) no realiza la verificación de autorización necesaria para un usuario autenticado, lo que resulta en una escalada de privilegios. Como resultado, tiene un bajo impacto en la confidencialidad y la disponibilidad, pero no tiene ningún impacto en la integridad."}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"cna@sap.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s4core:107:*:*:*:*:*:*:*","matchCriteriaId":"5DEFABE8-1797-4C7B-941C-3205AE90914B"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s4core:108:*:*:*:*:*:*:*","matchCriteriaId":"78832FB6-B1DD-4516-B1DF-D90BB58BF25A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:a:sap:s\\/4hana:-:*:*:*:*:*:*:*","matchCriteriaId":"61225714-D573-435F-9423-7AE6A8ED59BC"}]}]}],"references":[{"url":"https://me.sap.com/notes/3457354","source":"cna@sap.com","tags":["Permissions Required"]},{"url":"https://url.sap/sapsecuritypatchday","source":"cna@sap.com","tags":["Vendor Advisory"]},{"url":"https://me.sap.com/notes/3457354","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]},{"url":"https://url.sap/sapsecuritypatchday","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}