CVE-2024-39591

Name: CVE-2024-39591
Creator: NVD / NIST
Published: 2024-08-13T05:15:13.347+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.3/10EPSS 0.26%

Last modified Jun 17, 2026

CVE-2024-39591 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application.. EPSS estimates a 0.26% chance of exploitation in the next 30 days.

Description

SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application.

Metrics

CVSS 3.1

5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Probability

0.26%

17.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-862

Affected Software

Vendor	Product	Versions
Sap	Document Builder	s4fnd_102
Sap	Document Builder	s4fnd_103
Sap	Document Builder	s4fnd_104
Sap	Document Builder	s4fnd_105
Sap	Document Builder	s4fnd_106
Sap	Document Builder	s4fnd_107
Sap	Document Builder	s4fnd_108
Sap	Document Builder	sap_bs_fnd_702
Sap	Document Builder	sap_bs_fnd_731
Sap	Document Builder	sap_bs_fnd_746
Sap	Document Builder	sap_bs_fnd_747
Sap	Document Builder	sap_bs_fnd_748

References

https://me.sap.com/notes/3477423Permissions Required
https://url.sap/sapsecuritypatchdayVendor Advisory

Timeline

Published: Aug 13, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2024-39591?

SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application.

How severe is CVE-2024-39591?

CVE-2024-39591 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 0.26% probability of exploitation in the next 30 days.

How do I fix CVE-2024-39591?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-39591?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST