
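    2 vulnerability records found for SAP Business Warehouse (BEx Analyzer) by SAP_SE (both are the same CVE, CVE-2024-44113, listed once from the nvd source and once from the cvelistv5 source)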

    CVE-2024-44113 (GCVE-0-2024-44113)

    Vulnerability from nvd – Published: 2024-09-10 03:04 – Updated: 2024-09-10 13:27
    VLAI
    Title
    Information Disclosure vulnerability in the SAP Business Warehouse (BEx Analyzer)
    Summary
    Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
    • CWE-862 - Missing Authorization
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Business Warehouse (BEx Analyzer) Affected: DW4CORE 200
    Affected: DW4CORE 300
    Affected: DW4CORE 400
    Affected: SAP_BW 700
    Affected: SAP_BW 701
    Affected: SAP_BW 702
    Affected: SAP_BW 731
    Affected: SAP_BW 740
    Affected: SAP_BW 750
    Affected: SAP_BW 751
    Affected: SAP_BW 752
    Affected: SAP_BW 753
    Affected: SAP_BW 754
    Affected: SAP_BW 755
    Affected: SAP_BW 756
    Affected: SAP_BW 757
    Affected: SAP_BW 758

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-44113",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T13:27:38.796447Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-10T13:27:59.898Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Business Warehouse (BEx Analyzer)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "DW4CORE 200"
                },
                {
                  "status": "affected",
                  "version": "DW4CORE 300"
                },
                {
                  "status": "affected",
                  "version": "DW4CORE 400"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 700"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 701"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 758"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.\u003c/p\u003e"
                }
              ],
              "value": "Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-359",
                  "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-10T05:05:38.527Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3481992"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure vulnerability in the SAP Business Warehouse (BEx Analyzer)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-44113",
        "datePublished": "2024-09-10T03:04:28.683Z",
        "dateReserved": "2024-08-20T20:22:59.936Z",
        "dateUpdated": "2024-09-10T13:27:59.898Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-44113 (GCVE-0-2024-44113)

    Vulnerability from cvelistv5 – Published: 2024-09-10 03:04 – Updated: 2024-09-10 13:27
    VLAI
    Title
    Information Disclosure vulnerability in the SAP Business Warehouse (BEx Analyzer)
    Summary
    Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
    • CWE-862 - Missing Authorization
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Business Warehouse (BEx Analyzer) Affected: DW4CORE 200
    Affected: DW4CORE 300
    Affected: DW4CORE 400
    Affected: SAP_BW 700
    Affected: SAP_BW 701
    Affected: SAP_BW 702
    Affected: SAP_BW 731
    Affected: SAP_BW 740
    Affected: SAP_BW 750
    Affected: SAP_BW 751
    Affected: SAP_BW 752
    Affected: SAP_BW 753
    Affected: SAP_BW 754
    Affected: SAP_BW 755
    Affected: SAP_BW 756
    Affected: SAP_BW 757
    Affected: SAP_BW 758

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-44113",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T13:27:38.796447Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-10T13:27:59.898Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Business Warehouse (BEx Analyzer)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "DW4CORE 200"
                },
                {
                  "status": "affected",
                  "version": "DW4CORE 300"
                },
                {
                  "status": "affected",
                  "version": "DW4CORE 400"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 700"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 701"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 758"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.\u003c/p\u003e"
                }
              ],
              "value": "Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-359",
                  "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-10T05:05:38.527Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3481992"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure vulnerability in the SAP Business Warehouse (BEx Analyzer)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-44113",
        "datePublished": "2024-09-10T03:04:28.683Z",
        "dateReserved": "2024-08-20T20:22:59.936Z",
        "dateUpdated": "2024-09-10T13:27:59.898Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }