Lucene search

SapCVE-2024-41734

HistoryAug 13, 2024 - 5:15 a.m.

CVE-2024-41734

2024-08-1305:15:13

CWE-862

sap

web.nvd.nist.gov

sap

netweaver

authorization

disclosure

information

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

Percentile

14.7%

JSON

Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability.

Affected configurations

Nvd

Node

sapnetweaver_application_server_abapMatchsap_basis_700

sapnetweaver_application_server_abapMatchsap_basis_701

sapnetweaver_application_server_abapMatchsap_basis_702

sapnetweaver_application_server_abapMatchsap_basis_731

sapnetweaver_application_server_abapMatchsap_basis_740

sapnetweaver_application_server_abapMatchsap_basis_750

sapnetweaver_application_server_abapMatchsap_basis_751

sapnetweaver_application_server_abapMatchsap_basis_752

sapnetweaver_application_server_abapMatchsap_basis_753

sapnetweaver_application_server_abapMatchsap_basis_754

sapnetweaver_application_server_abapMatchsap_basis_755

sapnetweaver_application_server_abapMatchsap_basis_756

sapnetweaver_application_server_abapMatchsap_basis_757

sapnetweaver_application_server_abapMatchsap_basis_758

sapnetweaver_application_server_abapMatchsap_basis_912

VendorProductVersionCPE
sapnetweaver_application_server_abapsap_basis_700cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_700:*:*:*:*:*:*:*
sapnetweaver_application_server_abapsap_basis_701cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_701:*:*:*:*:*:*:*
sapnetweaver_application_server_abapsap_basis_702cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_702:*:*:*:*:*:*:*
sapnetweaver_application_server_abapsap_basis_731cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_731:*:*:*:*:*:*:*
sapnetweaver_application_server_abapsap_basis_740cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_740:*:*:*:*:*:*:*
sapnetweaver_application_server_abapsap_basis_750cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_750:*:*:*:*:*:*:*
sapnetweaver_application_server_abapsap_basis_751cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_751:*:*:*:*:*:*:*
sapnetweaver_application_server_abapsap_basis_752cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_752:*:*:*:*:*:*:*
sapnetweaver_application_server_abapsap_basis_753cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_753:*:*:*:*:*:*:*
sapnetweaver_application_server_abapsap_basis_754cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_754:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	netweaver_application_server_abap	sap_basis_700	cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_700:::::::*
sap	netweaver_application_server_abap	sap_basis_701	cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_701:::::::*
sap	netweaver_application_server_abap	sap_basis_702	cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_702:::::::*
sap	netweaver_application_server_abap	sap_basis_731	cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_731:::::::*
sap	netweaver_application_server_abap	sap_basis_740	cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_740:::::::*
sap	netweaver_application_server_abap	sap_basis_750	cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_750:::::::*
sap	netweaver_application_server_abap	sap_basis_751	cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_751:::::::*
sap	netweaver_application_server_abap	sap_basis_752	cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_752:::::::*
sap	netweaver_application_server_abap	sap_basis_753	cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_753:::::::*
sap	netweaver_application_server_abap	sap_basis_754	cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_754:::::::*

Rows per page:

1-10 of 151

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver Application Server ABAP and ABAP Platform",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "SAP_BASIS 700"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 701"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 702"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 731"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 740"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 750"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 751"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 752"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 753"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 754"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 755"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 756"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 757"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 758"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 912"
      }
    ]
  }
]

References

me.sap.com/notes/3494349

url.sap/sapsecuritypatchday

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

Percentile

14.7%

JSON

Related for CVE-2024-41734