CVE-2024-45286

Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3488341
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

10 Sep 2024, 12:09

Type	Values Removed	Values Added
Summary		(es) Debido a la falta de controles de autorización adecuados al llamar a un usuario, un módulo de funciones de la interfaz Tobin obsoleta de SAP Production and Revenue Accounting permite el acceso no autorizado que podría dar lugar a la divulgación de datos altamente confidenciales. No hay ningún impacto en la integridad ni en la disponibilidad.

10 Sep 2024, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-10 04:15

Updated : 2024-09-10 12:09

NVD link : CVE-2024-45286

Mitre link : CVE-2024-45286

CVE.ORG link : CVE-2024-45286

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

6.5 /10