CVE-2024-45286

Summary

Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Production and Revenue Accounting (Tobin interface)S4CEXT 106affected
SAP_SESAP Production and Revenue Accounting (Tobin interface)S4CEXT 107affected
SAP_SESAP Production and Revenue Accounting (Tobin interface)S4CEXT 108affected
SAP_SESAP Production and Revenue Accounting (Tobin interface)IS-PRA 605affected
SAP_SESAP Production and Revenue Accounting (Tobin interface)IS-PRA 606affected
SAP_SESAP Production and Revenue Accounting (Tobin interface)IS-PRA 616affected
SAP_SESAP Production and Revenue Accounting (Tobin interface)IS-PRA 617affected
SAP_SESAP Production and Revenue Accounting (Tobin interface)IS-PRA 618affected
SAP_SESAP Production and Revenue Accounting (Tobin interface)IS-PRA 800affected
SAP_SESAP Production and Revenue Accounting (Tobin interface)IS-PRA 801affected
SAP_SESAP Production and Revenue Accounting (Tobin interface)IS-PRA 802affected
SAP_SESAP Production and Revenue Accounting (Tobin interface)IS-PRA 803affected
SAP_SESAP Production and Revenue Accounting (Tobin interface)IS-PRA 804affected
SAP_SESAP Production and Revenue Accounting (Tobin interface)IS-PRA 805affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References