All the vulnerabilities related to SAP_SE - SAP Production and Revenue Accounting (Tobin interface)
cve-2024-45286
Vulnerability from cvelistv5
Published
2024-09-10 03:56
Modified
2024-09-10 13:26
Severity: 6.5 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
EPSS score ?
Summary
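Due to a lack of proper authorization checks on the calling user, a function module in the obsolete Tobin interface of SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability. The record classifies the weakness as CWE-862 (Missing Authorization); per its CVSS vector, the function module is reachable over the network by a caller holding only low privileges, with no user interaction.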
References
- https://me.sap.com/notes/3488341
- https://url.sap/sapsecuritypatchday
Impacted products
| Vendor | Product | Affected versions |
|---|---|---|
| SAP_SE | SAP Production and Revenue Accounting (Tobin interface) | S4CEXT 106, S4CEXT 107, S4CEXT 108, IS-PRA 605, IS-PRA 606, IS-PRA 616, IS-PRA 617, IS-PRA 618, IS-PRA 800, IS-PRA 801, IS-PRA 802, IS-PRA 803, IS-PRA 804, IS-PRA 805 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-45286", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T13:26:08.017203Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-10T13:26:21.584Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "SAP Production and Revenue Accounting (Tobin interface)", "vendor": "SAP_SE", "versions": [ { "status": "affected", "version": "S4CEXT 106" }, { "status": "affected", "version": "S4CEXT 107" }, { "status": "affected", "version": "S4CEXT 108" }, { "status": "affected", "version": "IS-PRA 605" }, { "status": "affected", "version": "IS-PRA 606" }, { "status": "affected", "version": "IS-PRA 616" }, { "status": "affected", "version": "IS-PRA 617" }, { "status": "affected", "version": "IS-PRA 618" }, { "status": "affected", "version": "IS-PRA 800" }, { "status": "affected", "version": "IS-PRA 801" }, { "status": "affected", "version": "IS-PRA 802" }, { "status": "affected", "version": "IS-PRA 803" }, { "status": "affected", "version": "IS-PRA 804" }, { "status": "affected", "version": "IS-PRA 805" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eDue to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. 
There is no impact on integrity or availability.\u003c/p\u003e" } ], "value": "Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "eng", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-10T03:56:36.139Z", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "url": "https://me.sap.com/notes/3488341" }, { "url": "https://url.sap/sapsecuritypatchday" } ], "source": { "discovery": "UNKNOWN" }, "title": "Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface)", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2024-45286", "datePublished": "2024-09-10T03:56:36.139Z", "dateReserved": "2024-08-26T10:39:20.933Z", "dateUpdated": "2024-09-10T13:26:21.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }