CVE-2024-45286

{"id": "CVE-2024-45286", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-09-10T04:15:04.950", "references": [{"url": "https://me.sap.com/notes/3488341", "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability."}, {"lang": "es", "value": "Debido a la falta de controles de autorizaci\u00f3n adecuados al llamar a un usuario, un m\u00f3dulo de funciones de la interfaz Tobin obsoleta de SAP Production and Revenue Accounting permite el acceso no autorizado que podr\u00eda dar lugar a la divulgaci\u00f3n de datos altamente confidenciales. No hay ning\u00fan impacto en la integridad ni en la disponibilidad."}], "lastModified": "2024-09-10T12:09:50.377", "sourceIdentifier": "cna@sap.com"}