CVE-2024-44112: Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)
First published: Tue Sep 10 2024(Updated: )
Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or availability.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap Oil \%\/ Gas | =600 | |
| Sap Oil \%\/ Gas | =602 | |
| Sap Oil \%\/ Gas | =603 | |
| Sap Oil \%\/ Gas | =604 | |
| Sap Oil \%\/ Gas | =605 | |
| Sap Oil \%\/ Gas | =606 | |
| Sap Oil \%\/ Gas | =617 | |
| Sap Oil \%\/ Gas | =618 | |
| Sap Oil \%\/ Gas | =800 | |
| Sap Oil \%\/ Gas | =802 | |
| Sap Oil \%\/ Gas | =803 | |
| Sap Oil \%\/ Gas | =804 | |
| Sap Oil \%\/ Gas | =805 | |
| Sap Oil \%\/ Gas | =806 | |
| Sap Oil \%\/ Gas | =807 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- agent/title
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap oil \%\/ gas
- version/sap oil \%\/ gas/600
- version/sap oil \%\/ gas/602
- version/sap oil \%\/ gas/603
- version/sap oil \%\/ gas/604
- version/sap oil \%\/ gas/605
- version/sap oil \%\/ gas/606
- version/sap oil \%\/ gas/617
- version/sap oil \%\/ gas/618
- version/sap oil \%\/ gas/800
- version/sap oil \%\/ gas/802
- version/sap oil \%\/ gas/803
- version/sap oil \%\/ gas/804
- version/sap oil \%\/ gas/805
- version/sap oil \%\/ gas/806
- version/sap oil \%\/ gas/807