CVE-2024-44112 MEDIUM

CVE-2024-44112: Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)

Vendor Sap_Se
Product SAP for Oil & Gas
Weakness CWE-862 · Missing authorization
Published September 10, 2024
Last update September 10, 2024
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or availability.

Key dates

02Disclosure timeline

September 10, 2024 CVE published
September 10, 2024 Record updated