Vulnerability Details CVE-2024-44112
Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or availability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.9%
CVSS Severity
CVSS v3 Score 4.3
Products affected by CVE-2024-44112
-
cpe:2.3:a:sap:oil_%/_gas:600
-
cpe:2.3:a:sap:oil_%/_gas:602
-
cpe:2.3:a:sap:oil_%/_gas:603
-
cpe:2.3:a:sap:oil_%/_gas:604
-
cpe:2.3:a:sap:oil_%/_gas:605
-
cpe:2.3:a:sap:oil_%/_gas:606
-
cpe:2.3:a:sap:oil_%/_gas:617
-
cpe:2.3:a:sap:oil_%/_gas:618
-
cpe:2.3:a:sap:oil_%/_gas:800
-
cpe:2.3:a:sap:oil_%/_gas:802
-
cpe:2.3:a:sap:oil_%/_gas:803
-
cpe:2.3:a:sap:oil_%/_gas:804
-
cpe:2.3:a:sap:oil_%/_gas:805
-
cpe:2.3:a:sap:oil_%/_gas:806
-
cpe:2.3:a:sap:oil_%/_gas:807