CVE-2024-33005 Missing Authorization check in SAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content Server

🗓️ 13 Aug 2024 03:47:44Reported by sapType

Missing authorization check in SAP systems can lead to user impersonation and unintended action

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerabilities of SAP NetWeaver AS ABAP, SAP NetWeaver AS for Java, SAP Content Server, and SAP Web Dispatcher integration platforms are related to authentication procedures that lack sufficient safeguards. This allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.	16 Oct 202400:00	–	bdu_fstec
Circl	CVE-2024-33005	13 Aug 202407:04	–	circl
CNNVD	SAP Web Dispatcher、SAP NetWeaver Application Server 和 SAP Content Server 安全漏洞	13 Aug 202400:00	–	cnnvd
CVE	CVE-2024-33005	13 Aug 202403:47	–	cve
EUVD	EUVD-2024-30750	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in SAP products	13 Aug 202413:47	–	ncsc
NVD	CVE-2024-33005	13 Aug 202404:15	–	nvd
OSV	CVE-2024-33005	13 Aug 202404:15	–	osv
RedhatCVE	CVE-2024-33005	23 May 202506:39	–	redhatcve
Tenable Nessus	SAP NetWeaver AS Java Missing Authorization (3438085)	15 Aug 202400:00	–	nessus

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content Server",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "KRNL64NUC 7.22"
      },
      {
        "status": "affected",
        "version": "KRNL64NUC 7.22EXT"
      },
      {
        "status": "affected",
        "version": "KRNL64UC 7.22"
      },
      {
        "status": "affected",
        "version": "KRNL64UC 7.22EXT"
      },
      {
        "status": "affected",
        "version": "KRNL64UC 7.53"
      },
      {
        "status": "affected",
        "version": "WEBDISP 7.53"
      },
      {
        "status": "affected",
        "version": "WEBDISP 7.77"
      },
      {
        "status": "affected",
        "version": "WEBDISP 7.85"
      },
      {
        "status": "affected",
        "version": "WEBDISP 7.22_EXT"
      },
      {
        "status": "affected",
        "version": "WEBDISP 7.89"
      },
      {
        "status": "affected",
        "version": "WEBDISP 7.54"
      },
      {
        "status": "affected",
        "version": "WEBDISP 7.93"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.22"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.53"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.77"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.85"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.89"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.54"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.93"
      }
    ]
  }
]

Source	Link
url	www.url.sap/sapsecuritypatchday
me	www.me.sap.com/notes/3438085

13 Aug 2024 03:47Current

CVSS 3.16.3

EPSS0.00208

CWE-862