CVE-2024-44121

{"id": "CVE-2024-44121", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-09-10T05:15:11.430", "references": [{"url": "https://me.sap.com/notes/3437585", "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-213"}]}], "descriptions": [{"lang": "en", "value": "Under certain conditions Statutory Reports in SAP S/4 HANA allows an attacker with basic privileges to access information which would otherwise be restricted. The vulnerability could expose internal user data that should remain confidential. It does not impact the integrity and availability of the application"}, {"lang": "es", "value": "En determinadas condiciones, los informes reglamentarios en SAP S/4 HANA permiten a un atacante con privilegios b\u00e1sicos acceder a informaci\u00f3n que de otro modo estar\u00eda restringida. La vulnerabilidad podr\u00eda exponer datos internos de usuarios que deber\u00edan permanecer confidenciales. No afecta a la integridad ni a la disponibilidad de la aplicaci\u00f3n."}], "lastModified": "2024-09-10T12:09:50.377", "sourceIdentifier": "cna@sap.com"}