Sensitive Data Exposure in SAP Fiori Travel Management App

Sensitive Data Exposure in SAP Fiori Travel Management App

CVE-2023-24528 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data. This endpoint is normally exposed over the network and successful exploitation can lead to exposure of data like travel documents.

Learn more about our Network Penetration Testing.