← Back

CVE-2024-41734

nvd nist
Published: Aug 13, 2024Modified: Sep 12, 2024

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability.

Affected (15)

Sap
1 product
Netweaver Application Server Abap
Configuration A
15 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Netweaver Application Server Abap
Version sap_basis_700
Netweaver Application Server Abap
Version sap_basis_701
Netweaver Application Server Abap
Version sap_basis_702
Netweaver Application Server Abap
Version sap_basis_731
Netweaver Application Server Abap
Version sap_basis_740
Netweaver Application Server Abap
Version sap_basis_750
Netweaver Application Server Abap
Version sap_basis_751
Netweaver Application Server Abap
Version sap_basis_752
Netweaver Application Server Abap
Version sap_basis_753
Netweaver Application Server Abap
Version sap_basis_754
Netweaver Application Server Abap
Version sap_basis_755
Netweaver Application Server Abap
Version sap_basis_756
Netweaver Application Server Abap
Version sap_basis_757
Netweaver Application Server Abap
Version sap_basis_758
Netweaver Application Server Abap
Version sap_basis_912

Related CWEs

CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

Source: cna@sap.com
Permissions Required
Source: cna@sap.com
Vendor Advisory

Timeline

No history available yet.