CVE-2024-41729
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP NetWeaver BW (BEx Analyzer) | DW4CORE 200 | affected |
| SAP_SE | SAP NetWeaver BW (BEx Analyzer) | DW4CORE 300 | affected |
| SAP_SE | SAP NetWeaver BW (BEx Analyzer) | DW4CORE 400 | affected |
| SAP_SE | SAP NetWeaver BW (BEx Analyzer) | SAP_BW 700 | affected |
| SAP_SE | SAP NetWeaver BW (BEx Analyzer) | SAP_BW 701 | affected |
| SAP_SE | SAP NetWeaver BW (BEx Analyzer) | SAP_BW 702 | affected |
| SAP_SE | SAP NetWeaver BW (BEx Analyzer) | SAP_BW 731 | affected |
| SAP_SE | SAP NetWeaver BW (BEx Analyzer) | SAP_BW 740 | affected |
| SAP_SE | SAP NetWeaver BW (BEx Analyzer) | SAP_BW 750 | affected |
| SAP_SE | SAP NetWeaver BW (BEx Analyzer) | SAP_BW 751 | affected |
| SAP_SE | SAP NetWeaver BW (BEx Analyzer) | SAP_BW 752 | affected |
| SAP_SE | SAP NetWeaver BW (BEx Analyzer) | SAP_BW 753 | affected |
| SAP_SE | SAP NetWeaver BW (BEx Analyzer) | SAP_BW 754 | affected |
| SAP_SE | SAP NetWeaver BW (BEx Analyzer) | SAP_BW 755 | affected |
| SAP_SE | SAP NetWeaver BW (BEx Analyzer) | SAP_BW 756 | affected |
| SAP_SE | SAP NetWeaver BW (BEx Analyzer) | SAP_BW 757 | affected |
| SAP_SE | SAP NetWeaver BW (BEx Analyzer) | SAP_BW 758 | affected |
Weaknesses
- CWE-359: CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
- CWE-862: CWE-862: Missing Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.