CVE-2024-44113
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP Business Warehouse (BEx Analyzer) | DW4CORE 200 | affected |
| SAP_SE | SAP Business Warehouse (BEx Analyzer) | DW4CORE 300 | affected |
| SAP_SE | SAP Business Warehouse (BEx Analyzer) | DW4CORE 400 | affected |
| SAP_SE | SAP Business Warehouse (BEx Analyzer) | SAP_BW 700 | affected |
| SAP_SE | SAP Business Warehouse (BEx Analyzer) | SAP_BW 701 | affected |
| SAP_SE | SAP Business Warehouse (BEx Analyzer) | SAP_BW 702 | affected |
| SAP_SE | SAP Business Warehouse (BEx Analyzer) | SAP_BW 731 | affected |
| SAP_SE | SAP Business Warehouse (BEx Analyzer) | SAP_BW 740 | affected |
| SAP_SE | SAP Business Warehouse (BEx Analyzer) | SAP_BW 750 | affected |
| SAP_SE | SAP Business Warehouse (BEx Analyzer) | SAP_BW 751 | affected |
| SAP_SE | SAP Business Warehouse (BEx Analyzer) | SAP_BW 752 | affected |
| SAP_SE | SAP Business Warehouse (BEx Analyzer) | SAP_BW 753 | affected |
| SAP_SE | SAP Business Warehouse (BEx Analyzer) | SAP_BW 754 | affected |
| SAP_SE | SAP Business Warehouse (BEx Analyzer) | SAP_BW 755 | affected |
| SAP_SE | SAP Business Warehouse (BEx Analyzer) | SAP_BW 756 | affected |
| SAP_SE | SAP Business Warehouse (BEx Analyzer) | SAP_BW 757 | affected |
| SAP_SE | SAP Business Warehouse (BEx Analyzer) | SAP_BW 758 | affected |
Weaknesses
- CWE-359: CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
- CWE-862: CWE-862: Missing Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.