CVE-2024-44114

Published: Sep 10, 2024Modified: Sep 16, 2024

2.7

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.2 / Impact: 1.4

Source: NVD

Description

SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application.

Affected (13)

Products: Sap: Netweaver Application Server Abap

Sap

1 product

Netweaver Application Server Abap

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver Application Server Abap	Version 702
Sap Netweaver Application Server Abap	Version 731
Sap Netweaver Application Server Abap	Version 740
Sap Netweaver Application Server Abap	Version 750
Sap Netweaver Application Server Abap	Version 751
Sap Netweaver Application Server Abap	Version 752
Sap Netweaver Application Server Abap	Version 753
Sap Netweaver Application Server Abap	Version 754
Sap Netweaver Application Server Abap	Version 755
Sap Netweaver Application Server Abap	Version 756
Sap Netweaver Application Server Abap	Version 757
Sap Netweaver Application Server Abap	Version 758
Sap Netweaver Application Server Abap	Version 912

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://me.sap.com/notes/3507252

Source: cna@sap.com

Permissions Required

https://url.sap/sapsecuritypatchday

Source: cna@sap.com

Patch

Timeline

No history available yet.