CVE-2024-41728 — Missing Authorization in SE SAP Netweaver Application Server FOR Abap AND Abap Platform

CWE-862 — Missing Authorization3 documents3 sources

Severity

2.7LOWNVD

EPSS

0.1%

top 75.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server FOR Abap AND Abap Platform SAP Netweaver Application Server Abap

Timeline

PublishedSep 10

Description

Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_application_server_for_abap_and_abap_platform15 versions+14

▶NVDsap/netweaver_application15 versions+14

Patches

Patch: url.sap ↗

🔴Vulnerability Details

GHSA

GHSA-j583-4h4q-5jwm: Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read ob↗2024-09-10

▶

CVEList

Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform↗2024-09-10

▶