Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-41728

Sept. 16, 2024, 2:14 p.m.

CVSS Score

2.7 / 10

Products Impacted

Vendor Product Versions
sap
  • netweaver_application_server_abap
  • 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 912

Description

Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects.

Weaknesses

CWE-862
Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

CWE ID: 862

Date

Published: Sept. 10, 2024, 4:15 a.m.

Last Modified: Sept. 16, 2024, 2:14 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cna@sap.com

CPEs

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a sap netweaver_application_server_abap 700 / / / / / / /
a sap netweaver_application_server_abap 701 / / / / / / /
a sap netweaver_application_server_abap 702 / / / / / / /
a sap netweaver_application_server_abap 731 / / / / / / /
a sap netweaver_application_server_abap 740 / / / / / / /
a sap netweaver_application_server_abap 750 / / / / / / /
a sap netweaver_application_server_abap 751 / / / / / / /
a sap netweaver_application_server_abap 752 / / / / / / /
a sap netweaver_application_server_abap 753 / / / / / / /
a sap netweaver_application_server_abap 754 / / / / / / /
a sap netweaver_application_server_abap 755 / / / / / / /
a sap netweaver_application_server_abap 756 / / / / / / /
a sap netweaver_application_server_abap 757 / / / / / / /
a sap netweaver_application_server_abap 758 / / / / / / /
a sap netweaver_application_server_abap 912 / / / / / / /

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score
2.7
Exploitability Score
1.2
Impact Score
1.4
Base Severity
LOW
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

References