CVE-2024-44112

Published Sep 10, 2024

Last updated 2 months ago

CVSS medium 4.3

Overview

Description: Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or availability.
Source: cna@sap.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Severity: MEDIUM

Weaknesses

cna@sap.com: CWE-862

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:600:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E4FDD2B-B5BA-45E3-9E3C-1DE16EE7F8A4"
          },
          {
            "criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:602:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E37B0E5D-5F45-4325-BCBE-14868058C02E"
          },
          {
            "criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:603:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2D57ACB-6555-4BC1-BDA4-C1AEE627FDBC"
          },
          {
            "criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:604:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8AC6142-D03B-4437-907D-F80C2FD6C18C"
          },
          {
            "criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:605:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "796F8470-CA51-42C4-B03A-97A02617E6D7"
          },
          {
            "criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:606:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48701B07-F944-4A55-B43F-8827DD0F3F4A"
          },
          {
            "criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:617:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B575B79-8F75-4B9F-9379-BBDB126D139F"
          },
          {
            "criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:618:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77D5E396-0DA6-49A5-A66B-1A4A3D14C646"
          },
          {
            "criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90F7113F-DA15-4F74-BD77-39D8A9FC9E7C"
          },
          {
            "criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:802:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FF8F332-0BCC-4DCA-B7ED-15936FE73DC3"
          },
          {
            "criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:803:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AACBC4D0-3EC8-4F1E-BBCA-60F736CA4D41"
          },
          {
            "criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:804:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A6D519D-D774-43E2-A4D0-B41443B6C8E4"
          },
          {
            "criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:805:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "593CF420-1660-43E1-BCBC-DBE877784A85"
          },
          {
            "criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:806:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83271FF6-2026-4735-9BD8-E5D328CB6753"
          },
          {
            "criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:807:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF3686DE-F526-473D-A8D2-02F94FE0D385"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References