
    2 vulnerabilities found for SAP Production and Revenue Accounting (Tobin interface) by SAP_SE

    CVE-2024-45286 (GCVE-0-2024-45286)

    Vulnerability from nvd – Published: 2024-09-10 03:56 – Updated: 2024-09-10 13:26
    VLAI
    Title
    Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface)
    Summary
    Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    CWE-862: Missing Authorization
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Production and Revenue Accounting (Tobin interface) Affected: S4CEXT 106
    Affected: S4CEXT 107
    Affected: S4CEXT 108
    Affected: IS-PRA 605
    Affected: IS-PRA 606
    Affected: IS-PRA 616
    Affected: IS-PRA 617
    Affected: IS-PRA 618
    Affected: IS-PRA 800
    Affected: IS-PRA 801
    Affected: IS-PRA 802
    Affected: IS-PRA 803
    Affected: IS-PRA 804
    Affected: IS-PRA 805

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45286",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T13:26:08.017203Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-10T13:26:21.584Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Production and Revenue Accounting (Tobin interface)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4CEXT 106"
                },
                {
                  "status": "affected",
                  "version": "S4CEXT 107"
                },
                {
                  "status": "affected",
                  "version": "S4CEXT 108"
                },
                {
                  "status": "affected",
                  "version": "IS-PRA 605"
                },
                {
                  "status": "affected",
                  "version": "IS-PRA 606"
                },
                {
                  "status": "affected",
                  "version": "IS-PRA 616"
                },
                {
                  "status": "affected",
                  "version": "IS-PRA 617"
                },
                {
                  "status": "affected",
                  "version": "IS-PRA 618"
                },
                {
                  "status": "affected",
                  "version": "IS-PRA 800"
                },
                {
                  "status": "affected",
                  "version": "IS-PRA 801"
                },
                {
                  "status": "affected",
                  "version": "IS-PRA 802"
                },
                {
                  "status": "affected",
                  "version": "IS-PRA 803"
                },
                {
                  "status": "affected",
                  "version": "IS-PRA 804"
                },
                {
                  "status": "affected",
                  "version": "IS-PRA 805"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability.\u003c/p\u003e"
                }
              ],
              "value": "Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-10T03:56:36.139Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3488341"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-45286",
        "datePublished": "2024-09-10T03:56:36.139Z",
        "dateReserved": "2024-08-26T10:39:20.933Z",
        "dateUpdated": "2024-09-10T13:26:21.584Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45286 (GCVE-0-2024-45286)

    Vulnerability from cvelistv5 – Published: 2024-09-10 03:56 – Updated: 2024-09-10 13:26
    VLAI
    Title
    Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface)
    Summary
    Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    CWE-862: Missing Authorization
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Production and Revenue Accounting (Tobin interface) Affected: S4CEXT 106
    Affected: S4CEXT 107
    Affected: S4CEXT 108
    Affected: IS-PRA 605
    Affected: IS-PRA 606
    Affected: IS-PRA 616
    Affected: IS-PRA 617
    Affected: IS-PRA 618
    Affected: IS-PRA 800
    Affected: IS-PRA 801
    Affected: IS-PRA 802
    Affected: IS-PRA 803
    Affected: IS-PRA 804
    Affected: IS-PRA 805

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45286",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T13:26:08.017203Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-10T13:26:21.584Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Production and Revenue Accounting (Tobin interface)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4CEXT 106"
                },
                {
                  "status": "affected",
                  "version": "S4CEXT 107"
                },
                {
                  "status": "affected",
                  "version": "S4CEXT 108"
                },
                {
                  "status": "affected",
                  "version": "IS-PRA 605"
                },
                {
                  "status": "affected",
                  "version": "IS-PRA 606"
                },
                {
                  "status": "affected",
                  "version": "IS-PRA 616"
                },
                {
                  "status": "affected",
                  "version": "IS-PRA 617"
                },
                {
                  "status": "affected",
                  "version": "IS-PRA 618"
                },
                {
                  "status": "affected",
                  "version": "IS-PRA 800"
                },
                {
                  "status": "affected",
                  "version": "IS-PRA 801"
                },
                {
                  "status": "affected",
                  "version": "IS-PRA 802"
                },
                {
                  "status": "affected",
                  "version": "IS-PRA 803"
                },
                {
                  "status": "affected",
                  "version": "IS-PRA 804"
                },
                {
                  "status": "affected",
                  "version": "IS-PRA 805"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability.\u003c/p\u003e"
                }
              ],
              "value": "Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-10T03:56:36.139Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3488341"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-45286",
        "datePublished": "2024-09-10T03:56:36.139Z",
        "dateReserved": "2024-08-26T10:39:20.933Z",
        "dateUpdated": "2024-09-10T13:26:21.584Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }