CVE-2024-32731 Information

Description

SAP My Travel Requests does not perform necessary authorization checks for an authenticated user resulting in escalation of privileges. On successful exploitation the attacker can upload a malicious attachment to a business trip request which will lead to a low impact on the confidentiality integrity and availability of the application. 

Reference

https://me.sap.com/notes/3447467 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364