CVE-2024-33005Missing Authorization in SAP Content Server

CWE-862Missing Authorization3 documents3 sources
Severity
6.3MEDIUMNVD
EPSS
0.1%
top 74.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
SAP Content ServerSAP Netweaver AbapSAP Netweaver Java+1 more
Timeline
PublishedAug 13

Description

Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. This could lead to a low impact on confidentiality and a high impact on the integrity and availability of the applications.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:HExploitability: 0.8 | Impact: 5.5

Affected Packages4 packages

NVDsap/content_server12 versions+11
NVDsap/netweaver_abap12 versions+11
NVDsap/netweaver_java12 versions+11
NVDsap/web_dispatcher19 versions+18

🔴Vulnerability Details

2
GHSA
GHSA-f3rg-6v2h-rjpj: Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java),2024-08-13
CVEList
Missing Authorization check in SAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content Server2024-08-13
CVE-2024-33005 — Missing Authorization in SAP | cvebase