CVE-2024-44112 Information

Description

Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution) an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or availability.

Reference

https://me.sap.com/notes/3505293 https://url.sap/sapsecuritypatchday https://url.sap/sapsecuritypatchday