Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-45286— Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface)

CVSS 6.5 · Medium EPSS 0.12% · P31
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-45286

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface)
Source: NVD (National Vulnerability Database)
Vulnerability Description
Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
SAP Production and Revenue Accounting 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SAP Production and Revenue Accounting是德国思爱普(SAP)公司的一个综合解决方案,用于高效管理收入会计的关键流程。 SAP Production and Revenue Accounting存在安全漏洞,该漏洞源于缺乏适当的授权检查,SAP 生产和收入会计中过时的 Tobin 接口中的功能模块允许未经授权的访问,从而可能导致高度敏感数据的泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
SAP_SESAP Production and Revenue Accounting (Tobin interface) S4CEXT 106 -

II. Public POCs for CVE-2024-45286

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-45286

登录查看更多情报信息。

Same Patch Batch · SAP_SE · 2024-09-10 · 20 CVEs total

CVE-2024-423786.1 MEDIUMCross-Site Scripting (XSS) in eProcurement on S/4HANA
CVE-2024-452796.1 MEDIUMCross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP (CRM
CVE-2024-452836.0 MEDIUMInformation disclosure vulnerability in SAP NetWeaver AS for Java (Destination Service)
CVE-2024-452815.8 MEDIUMDLL hijacking vulnerability in SAP BusinessObjects Business Intelligence Platform
CVE-2024-423715.4 MEDIUMMultiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
CVE-2024-452855.4 MEDIUMMultiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
CVE-2024-441175.4 MEDIUMMultiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
CVE-2024-452804.8 MEDIUMCross-Site Scripting (XSS) Vulnerability in SAP NetWeaver AS Java (Logon Application)
CVE-2024-441204.7 MEDIUMCross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal
CVE-2024-441164.3 MEDIUMMultiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
CVE-2024-441124.3 MEDIUMMissing Authorization check in SAP for Oil & Gas (Transportation and Distribution)
CVE-2024-441154.3 MEDIUMMultiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
CVE-2024-441214.3 MEDIUMInformation Disclosure in SAP S/4 HANA (Statutory Reports)
CVE-2024-441134.3 MEDIUMInformation Disclosure vulnerability in the SAP Business Warehouse (BEx Analyzer)
CVE-2024-423804.3 MEDIUMMultiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
CVE-2024-417294.3 MEDIUMInformation Disclosure vulnerability in the SAP NetWeaver BW (BEx Analyzer)
CVE-2024-417282.7 LOWMissing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform
CVE-2024-452842.4 LOWMissing authorization check in SAP Student Life Cycle Management (SLcM)
CVE-2024-441142.0 LOWMissing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform

IV. Related Vulnerabilities

Same vendor: SAP_SE
Same weakness: CWE-862

V. Comments for CVE-2024-45286

No comments yet

Leave a comment