Today > | 4 High | 23 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-44114

Sept. 16, 2024, 2:09 p.m.

CVSS Score

2.7 / 10

Products Impacted

Vendor Product Versions
sap
  • netweaver_application_server_abap
  • 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 912

Description

SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application.

Weaknesses

CWE-863
Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

CWE ID: 863

Date

Published: Sept. 10, 2024, 3:15 a.m.

Last Modified: Sept. 16, 2024, 2:09 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cna@sap.com

CPEs

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a sap netweaver_application_server_abap 702 / / / / / / /
a sap netweaver_application_server_abap 731 / / / / / / /
a sap netweaver_application_server_abap 740 / / / / / / /
a sap netweaver_application_server_abap 750 / / / / / / /
a sap netweaver_application_server_abap 751 / / / / / / /
a sap netweaver_application_server_abap 752 / / / / / / /
a sap netweaver_application_server_abap 753 / / / / / / /
a sap netweaver_application_server_abap 754 / / / / / / /
a sap netweaver_application_server_abap 755 / / / / / / /
a sap netweaver_application_server_abap 756 / / / / / / /
a sap netweaver_application_server_abap 757 / / / / / / /
a sap netweaver_application_server_abap 758 / / / / / / /
a sap netweaver_application_server_abap 912 / / / / / / /

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score
2.7
Exploitability Score
1.2
Impact Score
1.4
Base Severity
LOW
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

References