CVE-2024-45286
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP Production and Revenue Accounting (Tobin interface) | S4CEXT 106 | affected |
| SAP_SE | SAP Production and Revenue Accounting (Tobin interface) | S4CEXT 107 | affected |
| SAP_SE | SAP Production and Revenue Accounting (Tobin interface) | S4CEXT 108 | affected |
| SAP_SE | SAP Production and Revenue Accounting (Tobin interface) | IS-PRA 605 | affected |
| SAP_SE | SAP Production and Revenue Accounting (Tobin interface) | IS-PRA 606 | affected |
| SAP_SE | SAP Production and Revenue Accounting (Tobin interface) | IS-PRA 616 | affected |
| SAP_SE | SAP Production and Revenue Accounting (Tobin interface) | IS-PRA 617 | affected |
| SAP_SE | SAP Production and Revenue Accounting (Tobin interface) | IS-PRA 618 | affected |
| SAP_SE | SAP Production and Revenue Accounting (Tobin interface) | IS-PRA 800 | affected |
| SAP_SE | SAP Production and Revenue Accounting (Tobin interface) | IS-PRA 801 | affected |
| SAP_SE | SAP Production and Revenue Accounting (Tobin interface) | IS-PRA 802 | affected |
| SAP_SE | SAP Production and Revenue Accounting (Tobin interface) | IS-PRA 803 | affected |
| SAP_SE | SAP Production and Revenue Accounting (Tobin interface) | IS-PRA 804 | affected |
| SAP_SE | SAP Production and Revenue Accounting (Tobin interface) | IS-PRA 805 | affected |
Weaknesses
- CWE-862: CWE-862: Missing Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.