4.3
CVE-2024-44112
- EPSS 0.1%
- Published 10.09.2024 04:15:04
- Last modified 16.09.2024 14:19:24
- Source cna@sap.com
- Teams watchlist Login
- Open Login
Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or availability.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Oil %/ Gas Version600
SAP ≫ Oil %/ Gas Version602
SAP ≫ Oil %/ Gas Version603
SAP ≫ Oil %/ Gas Version604
SAP ≫ Oil %/ Gas Version605
SAP ≫ Oil %/ Gas Version606
SAP ≫ Oil %/ Gas Version617
SAP ≫ Oil %/ Gas Version618
SAP ≫ Oil %/ Gas Version800
SAP ≫ Oil %/ Gas Version802
SAP ≫ Oil %/ Gas Version803
SAP ≫ Oil %/ Gas Version804
SAP ≫ Oil %/ Gas Version805
SAP ≫ Oil %/ Gas Version806
SAP ≫ Oil %/ Gas Version807
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.287 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
| cna@sap.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.