All the vulnerabilites related to SAP_SE - SAP Production and Revenue Accounting (Tobin interface)
cve-2024-45286
Vulnerability from cvelistv5
Published
2024-09-10 03:56
Modified
2024-09-10 13:26
Summary
Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45286",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T13:26:08.017203Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T13:26:21.584Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SAP Production and Revenue Accounting (Tobin interface)",
          "vendor": "SAP_SE",
          "versions": [
            {
              "status": "affected",
              "version": "S4CEXT 106"
            },
            {
              "status": "affected",
              "version": "S4CEXT 107"
            },
            {
              "status": "affected",
              "version": "S4CEXT 108"
            },
            {
              "status": "affected",
              "version": "IS-PRA 605"
            },
            {
              "status": "affected",
              "version": "IS-PRA 606"
            },
            {
              "status": "affected",
              "version": "IS-PRA 616"
            },
            {
              "status": "affected",
              "version": "IS-PRA 617"
            },
            {
              "status": "affected",
              "version": "IS-PRA 618"
            },
            {
              "status": "affected",
              "version": "IS-PRA 800"
            },
            {
              "status": "affected",
              "version": "IS-PRA 801"
            },
            {
              "status": "affected",
              "version": "IS-PRA 802"
            },
            {
              "status": "affected",
              "version": "IS-PRA 803"
            },
            {
              "status": "affected",
              "version": "IS-PRA 804"
            },
            {
              "status": "affected",
              "version": "IS-PRA 805"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eDue to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability.\u003c/p\u003e"
            }
          ],
          "value": "Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "eng",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T03:56:36.139Z",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "url": "https://me.sap.com/notes/3488341"
        },
        {
          "url": "https://url.sap/sapsecuritypatchday"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface)",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2024-45286",
    "datePublished": "2024-09-10T03:56:36.139Z",
    "dateReserved": "2024-08-26T10:39:20.933Z",
    "dateUpdated": "2024-09-10T13:26:21.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}