CVE-2024-44112
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
10/09/2024
Last modified:
16/09/2024
Description
Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or availability.
Impact
Base Score 3.x
4.30
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sap:oil_\%\/_gas:600:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:oil_\%\/_gas:602:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:oil_\%\/_gas:603:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:oil_\%\/_gas:604:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:oil_\%\/_gas:605:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:oil_\%\/_gas:606:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:oil_\%\/_gas:617:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:oil_\%\/_gas:618:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:oil_\%\/_gas:800:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:oil_\%\/_gas:802:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:oil_\%\/_gas:803:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:oil_\%\/_gas:804:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:oil_\%\/_gas:805:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:oil_\%\/_gas:806:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:oil_\%\/_gas:807:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page