2 vulnerabilities found for SAP Production and Revenue Accounting (Tobin interface) by SAP_SE
CVE-2024-45286 (GCVE-0-2024-45286)
Vulnerability from cvelistv5 – Published: 2024-09-10 03:56 – Updated: 2024-09-10 13:26
Summary
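Due to a lack of proper authorization checks on the calling user, a function module in the obsolete Tobin interface of SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability. The CVSS vector in this record (AV:N/PR:L/UI:N) indicates that the caller is a low-privileged, authenticated user reaching the module over the network, so "unauthorized" here means lacking the required authorization rather than being unauthenticated.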
Severity
6.5 (Medium) — CVSS 3.1 base score; vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Affected versions |
|---|---|---|
| SAP_SE | SAP Production and Revenue Accounting (Tobin interface) | S4CEXT 106, S4CEXT 107, S4CEXT 108, IS-PRA 605, IS-PRA 606, IS-PRA 616, IS-PRA 617, IS-PRA 618, IS-PRA 800, IS-PRA 801, IS-PRA 802, IS-PRA 803, IS-PRA 804, IS-PRA 805 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45286",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:26:08.017203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T13:26:21.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP Production and Revenue Accounting (Tobin interface)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "S4CEXT 106"
},
{
"status": "affected",
"version": "S4CEXT 107"
},
{
"status": "affected",
"version": "S4CEXT 108"
},
{
"status": "affected",
"version": "IS-PRA 605"
},
{
"status": "affected",
"version": "IS-PRA 606"
},
{
"status": "affected",
"version": "IS-PRA 616"
},
{
"status": "affected",
"version": "IS-PRA 617"
},
{
"status": "affected",
"version": "IS-PRA 618"
},
{
"status": "affected",
"version": "IS-PRA 800"
},
{
"status": "affected",
"version": "IS-PRA 801"
},
{
"status": "affected",
"version": "IS-PRA 802"
},
{
"status": "affected",
"version": "IS-PRA 803"
},
{
"status": "affected",
"version": "IS-PRA 804"
},
{
"status": "affected",
"version": "IS-PRA 805"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDue to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability.\u003c/p\u003e"
}
],
"value": "Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T03:56:36.139Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3488341"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-45286",
"datePublished": "2024-09-10T03:56:36.139Z",
"dateReserved": "2024-08-26T10:39:20.933Z",
"dateUpdated": "2024-09-10T13:26:21.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45286 (GCVE-0-2024-45286)
Vulnerability from nvd – Published: 2024-09-10 03:56 – Updated: 2024-09-10 13:26
Summary
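Due to a lack of proper authorization checks on the calling user, a function module in the obsolete Tobin interface of SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability. The CVSS vector in this record (AV:N/PR:L/UI:N) indicates that the caller is a low-privileged, authenticated user reaching the module over the network, so "unauthorized" here means lacking the required authorization rather than being unauthenticated.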
Severity
6.5 (Medium) — CVSS 3.1 base score; vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Affected versions |
|---|---|---|
| SAP_SE | SAP Production and Revenue Accounting (Tobin interface) | S4CEXT 106, S4CEXT 107, S4CEXT 108, IS-PRA 605, IS-PRA 606, IS-PRA 616, IS-PRA 617, IS-PRA 618, IS-PRA 800, IS-PRA 801, IS-PRA 802, IS-PRA 803, IS-PRA 804, IS-PRA 805 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45286",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:26:08.017203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T13:26:21.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP Production and Revenue Accounting (Tobin interface)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "S4CEXT 106"
},
{
"status": "affected",
"version": "S4CEXT 107"
},
{
"status": "affected",
"version": "S4CEXT 108"
},
{
"status": "affected",
"version": "IS-PRA 605"
},
{
"status": "affected",
"version": "IS-PRA 606"
},
{
"status": "affected",
"version": "IS-PRA 616"
},
{
"status": "affected",
"version": "IS-PRA 617"
},
{
"status": "affected",
"version": "IS-PRA 618"
},
{
"status": "affected",
"version": "IS-PRA 800"
},
{
"status": "affected",
"version": "IS-PRA 801"
},
{
"status": "affected",
"version": "IS-PRA 802"
},
{
"status": "affected",
"version": "IS-PRA 803"
},
{
"status": "affected",
"version": "IS-PRA 804"
},
{
"status": "affected",
"version": "IS-PRA 805"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDue to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability.\u003c/p\u003e"
}
],
"value": "Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T03:56:36.139Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3488341"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-45286",
"datePublished": "2024-09-10T03:56:36.139Z",
"dateReserved": "2024-08-26T10:39:20.933Z",
"dateUpdated": "2024-09-10T13:26:21.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}