Attackers Can Delete Non-Sensitive Entries in User Data Table Due to Lack of Authorization Check
CVE-2024-44112
4.3MEDIUM
Summary
Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or availability.
Affected Version(s)
SAP for Oil & Gas = 600
SAP for Oil & Gas = 602
SAP for Oil & Gas = 603
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database