CVE-2024-44117
Description
The RFC-enabled function module allows a low-privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and availability of the application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A low-privileged user can exploit an RFC-enabled function module to modify the URLs of any user's favorite nodes and workbook IDs, with low impact on integrity and availability.
Vulnerability Overview
CVE-2024-44117 describes a flaw in an RFC-enabled function module within SAP applications. The module fails to properly enforce authorization checks, allowing a low-privileged user to perform actions that should be restricted. Specifically, the attacker can modify the URLs of any user's favorite nodes and workbook IDs [1].
Exploitation
Exploitation requires only low privileges and network access to the RFC interface. No authentication bypass is needed; the attacker simply invokes the vulnerable function module with crafted parameters. The attack surface is limited to users who have access to RFC calls, but the lack of proper authorization means any such user can target arbitrary other users' data.
Impact
Successful exploitation results in low integrity and availability impact. The attacker can alter URLs that other users rely on, potentially redirecting them to malicious content or causing denial of service by corrupting workbook IDs. The confidentiality of data is not directly affected.
Mitigation
SAP has addressed this vulnerability in its Security Patch Day on September 10, 2024. Administrators should apply the relevant SAP Security Note as soon as possible. No workarounds are documented, so patching is the recommended course of action [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches (0)
No patches discovered yet.
References (2)
News mentions (0)
No linked articles in our index yet.