CVE-2024-44113Exposure of Private Personal Information to an Unauthorized Actor in SE SAP Business Warehouse

CWE-359Exposure of Private Personal Information to an Unauthorized ActorCWE-862Missing Authorization3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 69.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Business Warehouse
Timeline
PublishedSep 10

Description

Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

CVEListV5sap_se/sap_business_warehouse17 versions+16

🔴Vulnerability Details

2
CVEList
Information Disclosure vulnerability in the SAP Business Warehouse (BEx Analyzer)2024-09-10
GHSA
GHSA-v3w5-wfjx-fh47: Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network whi2024-09-10
CVE-2024-44113 — MEDIUM severity | cvebase