Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-44112

Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or availability.

Published

2024-09-10T04:15:04.710

Last Modified

2024-09-16T14:19:24.917

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	oil_\%\/_gas	600	Yes
Application	sap	oil_\%\/_gas	602	Yes
Application	sap	oil_\%\/_gas	603	Yes
Application	sap	oil_\%\/_gas	604	Yes
Application	sap	oil_\%\/_gas	605	Yes
Application	sap	oil_\%\/_gas	606	Yes
Application	sap	oil_\%\/_gas	617	Yes
Application	sap	oil_\%\/_gas	618	Yes
Application	sap	oil_\%\/_gas	800	Yes
Application	sap	oil_\%\/_gas	802	Yes
Application	sap	oil_\%\/_gas	803	Yes
Application	sap	oil_\%\/_gas	804	Yes
Application	sap	oil_\%\/_gas	805	Yes
Application	sap	oil_\%\/_gas	806	Yes
Application	sap	oil_\%\/_gas	807	Yes

References

https://me.sap.com/notes/3505293 Permissions Required ([email protected])
https://url.sap/sapsecuritypatchday Patch ([email protected])