4.3

CVE-2024-44113

Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSAP_SE
Produkt SAP Business Warehouse (BEx Analyzer)
Default Statusunaffected
Version DW4CORE 200
Status affected
Version DW4CORE 300
Status affected
Version DW4CORE 400
Status affected
Version SAP_BW 700
Status affected
Version SAP_BW 701
Status affected
Version SAP_BW 702
Status affected
Version SAP_BW 731
Status affected
Version SAP_BW 740
Status affected
Version SAP_BW 750
Status affected
Version SAP_BW 751
Status affected
Version SAP_BW 752
Status affected
Version SAP_BW 753
Status affected
Version SAP_BW 754
Status affected
Version SAP_BW 755
Status affected
Version SAP_BW 756
Status affected
Version SAP_BW 757
Status affected
Version SAP_BW 758
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.1% 0.279
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cna@sap.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.