CVE-2024-24740Incorrect Permission Assignment in SE SAP Netweaver Application Server Abap

CWE-732Incorrect Permission AssignmentCWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 59.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Netweaver Application Server AbapSAP Netweaver Application Server Abap
Timeline
PublishedFeb 13

Description

SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDsap/netweaver_application8 versions+7

🔴Vulnerability Details

2
GHSA
GHSA-87g4-jwg6-xx68: SAP NetWeaver Application Server (ABAP) - versions KERNEL 72024-02-13
CVEList
Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (SAP Kernel)2024-02-13
CVE-2024-24740 — Incorrect Permission Assignment | cvebase