NVD:CVE-2024-33005
Aug 13, 2024 - 4:15 a.m.

CVE-2024-33005

2024-08-13 04:15:07
CWE-862
web.nvd.nist.gov
authorization checks missing
sap web dispatcher
sap netweaver
sap content server
user impersonation
confidentiality impact
integrity impact
availability impact

CVSS3: 6.3

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H

EPSS: 0
Percentile: 9.5%

Due to the missing authorization checks in the
local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application
Server (ABAP and Java), and SAP Content Server can impersonate other users and
may perform some unintended actions. This could lead to a low impact on
confidentiality and a high impact on the integrity and availability of the
applications.

Affected configurations

Nvd

Node: sap netweaver_abap, match any of (OR):
kernel_7.22, kernel_7.53, kernel_7.54, kernel_7.77, kernel_7.85, kernel_7.89, kernel_7.93, krnl64nuc_7.22, krnl64nuc_7.22ext, krnl64uc_7.22, krnl64uc_7.22ext, krnl64uc_7.53

Node: sap netweaver_java, match any of (OR):
kernel_7.22, kernel_7.53, kernel_7.54, kernel_7.77, kernel_7.85, kernel_7.89, kernel_7.93, krnl64nuc_7.22, krnl64nuc_7.22ext, krnl64uc_7.22, krnl64uc_7.22ext, krnl64uc_7.53

Node: sap content_server, match any of (OR):
kernel_7.22, kernel_7.53, kernel_7.54, kernel_7.77, kernel_7.85, kernel_7.89, kernel_7.93, krnl64nuc_7.22, krnl64nuc_7.22ext, krnl64uc_7.22, krnl64uc_7.22ext, krnl64uc_7.53

Node: sap web_dispatcher, match any of (OR):
kernel_7.22, kernel_7.53, kernel_7.54, kernel_7.77, kernel_7.85, kernel_7.89, kernel_7.93, krnl64nuc_7.22, krnl64nuc_7.22ext, krnl64uc_7.22, krnl64uc_7.22ext, krnl64uc_7.53, webdisp_7.22_ext, webdisp_7.53, webdisp_7.54, webdisp_7.77, webdisp_7.85, webdisp_7.89, webdisp_7.93

Vendor | Product | Version | CPE
sap | netweaver_abap | kernel_7.22 | cpe:2.3:a:sap:netweaver_abap:kernel_7.22:*:*:*:*:*:*:*
sap | netweaver_abap | kernel_7.53 | cpe:2.3:a:sap:netweaver_abap:kernel_7.53:*:*:*:*:*:*:*
sap | netweaver_abap | kernel_7.54 | cpe:2.3:a:sap:netweaver_abap:kernel_7.54:*:*:*:*:*:*:*
sap | netweaver_abap | kernel_7.77 | cpe:2.3:a:sap:netweaver_abap:kernel_7.77:*:*:*:*:*:*:*
sap | netweaver_abap | kernel_7.85 | cpe:2.3:a:sap:netweaver_abap:kernel_7.85:*:*:*:*:*:*:*
sap | netweaver_abap | kernel_7.89 | cpe:2.3:a:sap:netweaver_abap:kernel_7.89:*:*:*:*:*:*:*
sap | netweaver_abap | kernel_7.93 | cpe:2.3:a:sap:netweaver_abap:kernel_7.93:*:*:*:*:*:*:*
sap | netweaver_abap | krnl64nuc_7.22 | cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22:*:*:*:*:*:*:*
sap | netweaver_abap | krnl64nuc_7.22ext | cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*
sap | netweaver_abap | krnl64uc_7.22 | cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22:*:*:*:*:*:*:*