What is the severity of CVE-2024-44112?

CVE-2024-44112 is considered a moderate severity vulnerability due to improper authorization checks.

How do I fix CVE-2024-44112?

To fix CVE-2024-44112, apply the latest security patches provided by SAP for the affected versions.

What software versions are affected by CVE-2024-44112?

CVE-2024-44112 affects SAP Oil & Gas versions from 600 to 807.

What is the impact of CVE-2024-44112?

The impact of CVE-2024-44112 allows an authenticated non-administrative user to delete non-sensitive entries in user data tables.

Who can exploit CVE-2024-44112?

CVE-2024-44112 can be exploited by authenticated non-administrative users with access to the SAP Oil & Gas application.

Vulnerability/
CVE-2024-44112

medium

4.3

CWE

862

10/9/2024

16/9/2024

CVE-2024-44112: Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)

First published: Tue Sep 10 2024(Updated: )

Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or availability.

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
Sap Oil \%\/ Gas	=600
Sap Oil \%\/ Gas	=602
Sap Oil \%\/ Gas	=603
Sap Oil \%\/ Gas	=604
Sap Oil \%\/ Gas	=605
Sap Oil \%\/ Gas	=606
Sap Oil \%\/ Gas	=617
Sap Oil \%\/ Gas	=618
Sap Oil \%\/ Gas	=800
Sap Oil \%\/ Gas	=802
Sap Oil \%\/ Gas	=803
Sap Oil \%\/ Gas	=804
Sap Oil \%\/ Gas	=805
Sap Oil \%\/ Gas	=806
Sap Oil \%\/ Gas	=807

Remedy

https://url.sap/sapsecuritypatchday

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-44112?
CVE-2024-44112 is considered a moderate severity vulnerability due to improper authorization checks.
How do I fix CVE-2024-44112?
To fix CVE-2024-44112, apply the latest security patches provided by SAP for the affected versions.
What software versions are affected by CVE-2024-44112?
CVE-2024-44112 affects SAP Oil & Gas versions from 600 to 807.
What is the impact of CVE-2024-44112?
The impact of CVE-2024-44112 allows an authenticated non-administrative user to delete non-sensitive entries in user data tables.
Who can exploit CVE-2024-44112?
CVE-2024-44112 can be exploited by authenticated non-administrative users with access to the SAP Oil & Gas application.

agent/title
agent/references
agent/description
agent/type
agent/first-publish-date
agent/weakness
agent/severity
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/remedy
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
agent/source
vendor/sap
canonical/sap oil \%\/ gas
version/sap oil \%\/ gas/600
version/sap oil \%\/ gas/602
version/sap oil \%\/ gas/603
version/sap oil \%\/ gas/604
version/sap oil \%\/ gas/605
version/sap oil \%\/ gas/606
version/sap oil \%\/ gas/617
version/sap oil \%\/ gas/618
version/sap oil \%\/ gas/800
version/sap oil \%\/ gas/802
version/sap oil \%\/ gas/803
version/sap oil \%\/ gas/804
version/sap oil \%\/ gas/805
version/sap oil \%\/ gas/806
version/sap oil \%\/ gas/807

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.