CVE-2024-39599

CWE-6933 documents3 sources

Severity

4.7MEDIUM

EPSS

0.0%

top 90.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server FOR Abap AND Abap Platform SAP SAP Basis

Timeline

PublishedJul 9

Description

Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This leads to a low impact on the application's confidentiality, integrity, and availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 1.2 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_application_server_for_abap_and_abap_platform16 versions+15

▶NVDsap/sap_basis16 versions+15

Patches

Patch: url.sap ↗Patch: url.sap ↗

🔴Vulnerability Details

CVEList

[CVE-2024-39599] Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform↗2024-07-09

▶

GHSA

GHSA-wcw7-26p5-ffxv: Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware sc↗2024-07-09

▶