CVE has been recently published to the CVE List and has been received by the NVD.
Products
SAP Web Dispatcher
SAP NetWeaver Application Server (ABAP)
SAP NetWeaver Application Server (Java)
SAP Content Server
Source
cna@sap.com
Tags
CVE-2024-33005 details
Last Modified : Aug. 13, 2024, 12:58 p.m.
Description
Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. This could lead to a low impact on confidentiality and a high impact on the integrity and availability of the applications.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6.3 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-862 | Missing Authorization | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
6.3
Exploitability Score
0.8
Impact Score
5.5
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
References
URL | Source |
---|---|
https://me.sap.com/notes/3438085 | cna@sap.com |
https://url.sap/sapsecuritypatchday | cna@sap.com |