{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41729", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2024-07-22T08:06:52.675Z", "datePublished": "2024-09-10T02:33:32.937Z", "dateUpdated": "2024-09-10T14:05:36.468Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP NetWeaver BW (BEx Analyzer)", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "DW4CORE 200"}, {"status": "affected", "version": "DW4CORE 300"}, {"status": "affected", "version": "DW4CORE 400"}, {"status": "affected", "version": "SAP_BW 700"}, {"status": "affected", "version": "SAP_BW 701"}, {"status": "affected", "version": "SAP_BW 702"}, {"status": "affected", "version": "SAP_BW 731"}, {"status": "affected", "version": "SAP_BW 740"}, {"status": "affected", "version": "SAP_BW 750"}, {"status": "affected", "version": "SAP_BW 751"}, {"status": "affected", "version": "SAP_BW 752"}, {"status": "affected", "version": "SAP_BW 753"}, {"status": "affected", "version": "SAP_BW 754"}, {"status": "affected", "version": "SAP_BW 755"}, {"status": "affected", "version": "SAP_BW 756"}, {"status": "affected", "version": "SAP_BW 757"}, {"status": "affected", "version": "SAP_BW 758"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.</p>"}], "value": "Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-359", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor", "lang": "eng", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-09-10T02:33:32.937Z"}, "references": [{"url": "https://me.sap.com/notes/3481588"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Information Disclosure vulnerability in the SAP NetWeaver BW (BEx Analyzer)", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-10T14:05:27.673500Z", "id": "CVE-2024-41729", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-10T14:05:36.468Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41729", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T14:05:27.673500Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-10T14:05:32.500Z"}}], "cna": {"title": "Information Disclosure vulnerability in the SAP NetWeaver BW (BEx Analyzer)", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP NetWeaver BW (BEx Analyzer)", "versions": [{"status": "affected", "version": "DW4CORE 200"}, {"status": "affected", "version": "DW4CORE 300"}, {"status": "affected", "version": "DW4CORE 400"}, {"status": "affected", "version": "SAP_BW 700"}, {"status": "affected", "version": "SAP_BW 701"}, {"status": "affected", "version": "SAP_BW 702"}, {"status": "affected", "version": "SAP_BW 731"}, {"status": "affected", "version": "SAP_BW 740"}, {"status": "affected", "version": "SAP_BW 750"}, {"status": "affected", "version": "SAP_BW 751"}, {"status": "affected", "version": "SAP_BW 752"}, {"status": "affected", "version": "SAP_BW 753"}, {"status": "affected", "version": "SAP_BW 754"}, {"status": "affected", "version": "SAP_BW 755"}, {"status": "affected", "version": "SAP_BW 756"}, {"status": "affected", "version": "SAP_BW 757"}, {"status": "affected", "version": "SAP_BW 758"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3481588"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.", "supportingMedia": [{"type": "text/html", "value": "<p>Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-359", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-09-10T02:33:32.937Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41729", "state": "PUBLISHED", "dateUpdated": "2024-09-10T14:05:36.468Z", "dateReserved": "2024-07-22T08:06:52.675Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2024-09-10T02:33:32.937Z", "assignerShortName": "sap"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application."}, {"lang": "es", "value": "Debido a la falta de comprobaciones de autorizaci\u00f3n, SAP BEx Analyzer permite que un atacante autenticado acceda a informaci\u00f3n a trav\u00e9s de la red que, de otro modo, estar\u00eda restringida. Si la explotaci\u00f3n es exitosa, el atacante puede enumerar informaci\u00f3n, lo que provoca un impacto limitado en la confidencialidad de la aplicaci\u00f3n."}], "id": "CVE-2024-41729", "lastModified": "2024-09-10T12:09:50.377", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@sap.com", "type": "Secondary"}]}, "published": "2024-09-10T03:15:02.033", "references": [{"source": "cna@sap.com", "url": "https://me.sap.com/notes/3481588"}, {"source": "cna@sap.com", "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-359"}, {"lang": "en", "value": "CWE-862"}], "source": "cna@sap.com", "type": "Primary"}]}

{}