{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45286", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2024-08-26T10:39:20.933Z", "datePublished": "2024-09-10T03:56:36.139Z", "dateUpdated": "2024-09-10T13:26:21.584Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP Production and Revenue Accounting (Tobin interface)", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "S4CEXT 106"}, {"status": "affected", "version": "S4CEXT 107"}, {"status": "affected", "version": "S4CEXT 108"}, {"status": "affected", "version": "IS-PRA 605"}, {"status": "affected", "version": "IS-PRA 606"}, {"status": "affected", "version": "IS-PRA 616"}, {"status": "affected", "version": "IS-PRA 617"}, {"status": "affected", "version": "IS-PRA 618"}, {"status": "affected", "version": "IS-PRA 800"}, {"status": "affected", "version": "IS-PRA 801"}, {"status": "affected", "version": "IS-PRA 802"}, {"status": "affected", "version": "IS-PRA 803"}, {"status": "affected", "version": "IS-PRA 804"}, {"status": "affected", "version": "IS-PRA 805"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability.</p>"}], "value": "Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-09-10T03:56:36.139Z"}, "references": [{"url": "https://me.sap.com/notes/3488341"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface)", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-10T13:26:08.017203Z", "id": "CVE-2024-45286", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-10T13:26:21.584Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45286", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2024-08-26T10:39:20.933Z", "datePublished": "2024-09-10T03:56:36.139Z", "dateUpdated": "2024-09-10T13:26:21.584Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP Production and Revenue Accounting (Tobin interface)", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "S4CEXT 106"}, {"status": "affected", "version": "S4CEXT 107"}, {"status": "affected", "version": "S4CEXT 108"}, {"status": "affected", "version": "IS-PRA 605"}, {"status": "affected", "version": "IS-PRA 606"}, {"status": "affected", "version": "IS-PRA 616"}, {"status": "affected", "version": "IS-PRA 617"}, {"status": "affected", "version": "IS-PRA 618"}, {"status": "affected", "version": "IS-PRA 800"}, {"status": "affected", "version": "IS-PRA 801"}, {"status": "affected", "version": "IS-PRA 802"}, {"status": "affected", "version": "IS-PRA 803"}, {"status": "affected", "version": "IS-PRA 804"}, {"status": "affected", "version": "IS-PRA 805"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability.</p>"}], "value": "Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-09-10T03:56:36.139Z"}, "references": [{"url": "https://me.sap.com/notes/3488341"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface)", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45286", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T13:26:08.017203Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-10T13:26:09.536Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability."}, {"lang": "es", "value": "Debido a la falta de controles de autorizaci\u00f3n adecuados al llamar a un usuario, un m\u00f3dulo de funciones de la interfaz Tobin obsoleta de SAP Production and Revenue Accounting permite el acceso no autorizado que podr\u00eda dar lugar a la divulgaci\u00f3n de datos altamente confidenciales. No hay ning\u00fan impacto en la integridad ni en la disponibilidad."}], "id": "CVE-2024-45286", "lastModified": "2024-09-10T12:09:50.377", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "cna@sap.com", "type": "Secondary"}]}, "published": "2024-09-10T04:15:04.950", "references": [{"source": "cna@sap.com", "url": "https://me.sap.com/notes/3488341"}, {"source": "cna@sap.com", "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "cna@sap.com", "type": "Primary"}]}

{}