CVE-2024-44113

Summary

Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Business Warehouse (BEx Analyzer)DW4CORE 200affected
SAP_SESAP Business Warehouse (BEx Analyzer)DW4CORE 300affected
SAP_SESAP Business Warehouse (BEx Analyzer)DW4CORE 400affected
SAP_SESAP Business Warehouse (BEx Analyzer)SAP_BW 700affected
SAP_SESAP Business Warehouse (BEx Analyzer)SAP_BW 701affected
SAP_SESAP Business Warehouse (BEx Analyzer)SAP_BW 702affected
SAP_SESAP Business Warehouse (BEx Analyzer)SAP_BW 731affected
SAP_SESAP Business Warehouse (BEx Analyzer)SAP_BW 740affected
SAP_SESAP Business Warehouse (BEx Analyzer)SAP_BW 750affected
SAP_SESAP Business Warehouse (BEx Analyzer)SAP_BW 751affected
SAP_SESAP Business Warehouse (BEx Analyzer)SAP_BW 752affected
SAP_SESAP Business Warehouse (BEx Analyzer)SAP_BW 753affected
SAP_SESAP Business Warehouse (BEx Analyzer)SAP_BW 754affected
SAP_SESAP Business Warehouse (BEx Analyzer)SAP_BW 755affected
SAP_SESAP Business Warehouse (BEx Analyzer)SAP_BW 756affected
SAP_SESAP Business Warehouse (BEx Analyzer)SAP_BW 757affected
SAP_SESAP Business Warehouse (BEx Analyzer)SAP_BW 758affected

Weaknesses

  • CWE-359: CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References