CVE-2024-44113

MEDIUM

SAP Business Warehouse - Info Disclosure

Title source: llm

Description

Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.

References (2)

[Vendor Advisory] https://me.sap.com/notes/3481992

[Vendor Advisory] https://url.sap/sapsecuritypatchday

Scores

CVSS v3 4.3

EPSS 0.0012

EPSS Percentile 30.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-359 CWE-862

Status published

Products (17)

SAP_SE/SAP Business Warehouse (BEx Analyzer) DW4CORE 200

SAP_SE/SAP Business Warehouse (BEx Analyzer) DW4CORE 300

SAP_SE/SAP Business Warehouse (BEx Analyzer) DW4CORE 400

SAP_SE/SAP Business Warehouse (BEx Analyzer) SAP_BW 700

SAP_SE/SAP Business Warehouse (BEx Analyzer) SAP_BW 701

SAP_SE/SAP Business Warehouse (BEx Analyzer) SAP_BW 702

SAP_SE/SAP Business Warehouse (BEx Analyzer) SAP_BW 731

SAP_SE/SAP Business Warehouse (BEx Analyzer) SAP_BW 740

SAP_SE/SAP Business Warehouse (BEx Analyzer) SAP_BW 750

SAP_SE/SAP Business Warehouse (BEx Analyzer) SAP_BW 751

... and 7 more

Published Sep 10, 2024

Tracked Since Feb 18, 2026