{"cve":{"cve_id":"CVE-2024-39596","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00262,"epss_percentile":0.17331,"epss_as_of":"2026-06-23","description":"Due to missing authorization checks, SAP Enable\nNow allows an author to escalate privileges to access information which should\notherwise be restricted. On successful exploitation, the attacker can cause\nlimited impact on confidentiality of the application.","published_at":"2024-07-09T04:25:57.251000Z","last_modified_at":null,"cvss_v3_score":4.3,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"partial","cwes":["CWE-862"],"nvd_references":["https://url.sap/sapsecuritypatchday","https://me.sap.com/notes/3476348"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T02:02:46.435981Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"L","value_label":"Low"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-enable-now","product_name":"SAP Enable Now","version_start":"WPB_MANAGER_CE 10","version_start_inclusive":true,"version_end":"WPB_MANAGER_CE 10","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-enable-now:WPB_MANAGER_CE 10:WPB_MANAGER_CE 10"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-enable-now","product_name":"SAP Enable Now","version_start":"WPB_MANAGER_HANA 10","version_start_inclusive":true,"version_end":"WPB_MANAGER_HANA 10","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-enable-now:WPB_MANAGER_HANA 10:WPB_MANAGER_HANA 10"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-enable-now","product_name":"SAP Enable Now","version_start":"ENABLE_NOW_CONSUMP_DEL 1704","version_start_inclusive":true,"version_end":"ENABLE_NOW_CONSUMP_DEL 1704","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-enable-now:ENABLE_NOW_CONSUMP_DEL 1704:ENABLE_NOW_CONSUMP_DEL 1704"}],"exploit_refs":[],"news":[],"references":[{"url":"https://url.sap/sapsecuritypatchday","source_type":"MISC","tags":["patch"]},{"url":"https://me.sap.com/notes/3476348","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2024-07-09T04:25:57.251000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:36:45.073514Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:36:45.073514Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:36:45.073514Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T02:02:46.435981Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T02:02:46.435981Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T02:02:46.435981Z","label":"SSVC decision revised","source":"vulnrichment"}]}